Technology

<div class="body gsd-paywall"><div>Recent data found that while many Americans have taken at least one step towards being prepared, there are still more actions that can be taken in the short term to help protect their finances and their families should disaster strike.</div> <div> <p>Six in ten Americans (61 percent) believe they are likely to be personally impacted by a natural disaster in the next three to five years, including one in five (19 percent) saying they are very likely to be personally impacted. That’s according to an American Institute of CPAs (AICPA) survey of 2,050 U.S. adults conducted by The Harris Poll in the fall of 2019. Natural disasters like hurricanes, floods, tornadoes, earthquakes and wildfires happen every year. In fact, 2019 marked the <a href="https://cts.businesswire.com/ct/CT?id=smartlink&amp;url=https%3A%2F%2Fcoast.noaa.gov%2Fstates%2Ffast-facts%2Fweather-disasters.html&amp;esheet=52224539&amp;newsitemid=20200527005084&amp;lan=en-US&amp;anchor=fifth+consecutive+year&amp;index=1&amp;md5=5dbf2118bc61ce06337ece68bb0c9fb6" rel="nofollow" shape="rect" target="_blank">fifth consecutive year</a> that ten or more weather and climate disasters with at least a billion-dollars of associated losses affected the United States.</p> <p>“In the face of a natural disaster, protecting your family from harm should be your primary concern,” said Gregory J. Anton, CPA, CGMA, chair of the AICPA’s National CPA Financial Literacy Commission. “During the recovery process, access to financial resources and personal information is critically important. Taking action to put together a plan today will help protect your family and your finances should you ever find yourself impacted by a natural disaster.”</p> <p><strong>Understanding Financial Impacts of Natural Disasters</strong></p> <p>Nearly four in ten Americans (37 percent) admit they do not have a good sense of how much recovering from a natural disaster would cost their family financially. And seven in ten (71 percent) say that such an event would have a major or moderate impact on their financial situation, including a third (33 percent) who said there would be a major impact.</p> <p>“It is a good idea to run through the calculations for potential damage, finding temporary housing and other recovery costs, so you can check to see if you would have enough cash on hand to cover it,” added Anton. “Review your insurance to be sure you have the right amount of coverage and that you're not overpaying. Make sure you know what is covered and don’t be afraid to comparison shop periodically to see if switching makes sense.”</p> <p><strong>Emergency Preparedness</strong></p> <p>The good news is nearly three-quarters of Americans (73 percent) have taken at least one step to prepare for a natural disaster, most commonly assembling a disaster supplies kit (34 percent), creating an evacuation plan (32 percent), or backing up and storing personal medical and financial records in a safe place (31 percent). The bad news is only 15 percent have created a disaster plan to protect their finances. And concerningly, a little more than a quarter of Americans (27 percent) have not taken any steps at all to prepare for a natural disaster.</p> <table cellspacing="0" id="table-0"> <tbody> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="4" rowspan="1"> <p><strong>Steps Americans Have Taken to Prepare for Natural Disaster</strong></p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>34%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Assembled a disaster supplies kit (first-aid kit, food, water, tools, etc.)</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>32%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Created an evacuation plan</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>31%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Backed up &amp; stored personal, medical &amp; financial records in a safe, accessible place</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>27%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Evaluated insurance needs to assure adequate coverage</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>26%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Taken an inventory of assets &amp; possessions for insurance purposes</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>24%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Contributed to an emergency saving account</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>19%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Created or updated an estate plan and/or will</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>19%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Purchased additional insurance (e.g., flood insurance, hurricane insurance, etc.)</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>15%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Created a disaster plan to protect finances</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>2%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>Other</p> </td> </tr> <tr> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>27%</p> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> </td> <td colspan="1" rowspan="1"> <p>I have not taken any steps to prepare for a natural disaster</p> </td> </tr> </tbody> </table> <div style="clear:both;"> </div> AICPA recommend a few areas where Americans may want to get a head start. <p><strong><em>Banking Without the Bank</em> -- </strong>Investigate alternative locations to use anATM card to obtain cash without additional fees, and perhaps mobile banking which can allow most banking activities including check deposits and transfers between accounts.</p> <p><strong><em>Insurance Coverage</em> -- </strong>Ensure homeowner’s or renters insurance is up to date for changes in value, valuable items and special risks like flooding.</p> <p><strong><em>Safe Deposit Box</em> -- </strong>Ensure cpmplete access to a safe deposit box.</p> <p><strong><em>Wills, Powers of Attorney, and Health Care Proxies</em> -- </strong>Ensure legal paperwork is up to date.</p> <p><strong><em>Employment-Based Programs</em> -- </strong>Consider disability coverage or ability to borrow from a 401(k) or similar retirement plan.</p> </div> </div>

<div class="body gsd-paywall"><div>The University of Texas-San Antonio has been selected to receive a five-year, $70 million cooperative agreement from the U.S. Department of Energy to establish and lead the <a href="https://cymanii.com/">Cybersecurity Manufacturing Innovation Institute</a> (CyManII).</div> <div> <p>“CyManII leverages the unique research capabilities of the Idaho, Oak Ridge and Sandia National Laboratories as well as critical expertise across our partner cyber manufacturing ecosystem,” <a href="https://www.utsa.edu/today/2020/05/story/DOE_selects_UTSA_CyManII.html">said </a>UTSA President Taylor Eighmy. “We look forward to formalizing our partnership with the DOE to advance cybersecurity in energy-efficient manufacturing for the nation.”</p>  CyManII will focus on three high-priority areas where collaborative research and development can help U.S. manufacturers: securing automation, securing the supply chain network and building a national program for education and workforce development. <p>“As United States manufacturers increasingly deploy automation tools in their daily work, those technologies must be embedded with powerful cybersecurity protections,” said Howard Grimes, CyManII chief executive officer and associate vice president and associate vice provost for institutional initiatives at UTSA. “UTSA has assembled a team of best-in-class national laboratories, industry, nonprofit and academic organizations to cybersecure the U.S. manufacturing enterprise. Together, we will share the mission to protect the nation’s supply chains, preserve its critical infrastructure and boost its economy.”</p> <p>CyManII’s research objectives will focus on understanding the evolving cybersecurity threats to greater energy efficiency in manufacturing industries, developing new cybersecurity technologies and methods and sharing information and knowledge with the broader community of U.S. manufacturers.</p> <p>CyManII aims to revolutionize cybersecurity in manufacturing by designing and building a secure manufacturing architecture that is pervasive, unobtrusive and an enabler for energy efficiency. Grimes said the latter aspect of this industry-driven approach is essential because it allows manufacturers of all sizes to invest in cybersecurity and achieve an energy return on investment rather than continually spending money on cyber patches.</p> <p>These efforts will result in a suite of methods, standards and tools rooted in the concept that everything in the manufacturing supply chain has a unique authentic identity. These solutions will address the comprehensive landscape of complex vulnerabilities and be economically implemented in a wide array of machines and environments.</p> <p>“On behalf of The University of Texas System Board of Regents, UTSA and UT System are grateful to the U.S. Department of Energy for selecting us to lead this very important national effort in cybersecurity and manufacturing. We selected UTSA to lead CyManII due to the university’s well-known strengths in cybersecurity and national connectivity in this space,” said James B. Milliken, chancellor for the UT System. “This groundbreaking endeavor has UT System’s full support as the project is launched and realized.”</p> <p>UTSA was designated by The University of Texas System to lead its CyManII proposal, based on the university’s core expertise in cybersecurity and the breadth and depth of its national relationships. In addition to its federal funding the institute will be supported by an additional $41 million in cost-sharing funds from its partners, including UT System’s commitment of $10 million, bringing the total five-year investment to more than $111 million.</p> <p> </p> </div> </div>

Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. "Cisc… [+2608 chars]

NEW YORK--(BUSINESS WIRE)--tZERO, the global leader in blockchain innovation for capital markets, announced today that broker-dealers ChoiceTrade and a multinational, publicly-traded investment bank … [+6029 chars]

<div class="c-article__content js-reading-content"> <p>Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means – and claiming that Google makes it nearly “impossible” for users to opt out of such data tracking.</p> <p>The lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Google uses “deceptive and unfair conduct” to obtain Android users’ location data via various applications, services and technologies, which is then used for advertising purposes. The alleged data collection would violate the Arizona Consumer Fraud Act, a set of laws that give protections to consumers in various transactions related to the sale or advertisement of merchandise.</p> <p>“Google has engaged in these deceptive and unfair acts and practices with the purpose of enhancing its ability to collect and profit from user-location information,” according to the 50-page complaint, <a href="https://www.azag.gov/sites/default/files/docs/press-releases/2020/complaints/Google_Complaint_FILED_5-27-2020.pdf" target="_blank" rel="noopener noreferrer">which was filed Wednesday</a> in the Maricopa County Superior Court. “And profited it has, to the tune of over $134 billion in advertising revenue in 2019 alone. On information and belief, hundreds of millions of dollars of these advertising revenues were generated from ads presented to millions of users in the State of Arizona.”</p> <p><a href="https://threatpost.com/newsletter-sign/"><img class="aligncenter wp-image-141989 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg" alt="" width="700" height="50"></a></p> <p>Public consternation around Google’s data-collection policies was first set off by a 2018 Associated Press <a href="https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not" target="_blank" rel="noopener noreferrer">report</a>, which claimed that Google services that are prevalent on both Android and iOS phones all store location data. The report alleged that Google would track users’ data even when they opt out of Google’s Location History feature, which collects data in order to personalize Google Maps.</p> <p>This <a href="https://www.azag.gov/press-release/attorney-general-mark-brnovich-files-lawsuit-against-google-over-deceptive-and-unfair" target="_blank" rel="noopener noreferrer">most recent lawsuit</a> claims that Google’s alleged deceptive tactics extend beyond the issues with Location History highlighted by AP’s report. The redacted, public complaint claims that Google uses other means to bring in location data – including via Wi-Fi scanning and connectivity, diagnostic data and information from Google apps in “recent versions of Android.” This makes it impractical – and even impossible – for users to opt out of location tracking, the lawsuit alleges.</p> <p>“Given the lucrative nature of Google’s advertising business, the company goes to great lengths to collect users’ location, including through presenting users with a misleading mess of settings, some of which seemingly have nothing to do with the collection of location information,” said the lawsuit.</p> <p>According to Brnovich, these claims are based on both testimony from Google employees “given under oath” and from internal documents that were obtained from Google over the course of a nearly two-year investigation.</p> <p>Google, for its part, argued against the claims and told Threatpost that it looks forward “to setting the record straight.”</p> <p>“The Attorney General and the contingency-fee lawyers filing this lawsuit appear to have mischaracterized our services,” Google spokesperson Jose Castaneda told Threatpost. “We have always built privacy features into our products and provided robust controls for location data.”</p> <p>It’s far from the first time Google has found itself in hot water for its data-collection policies. The AP’s 2018 report led to a firestorm of complaints from both legal teams and activists – including a lawsuit filed in the <a href="https://www.documentcloud.org/documents/4777351-Gov-Uscourts-Cand-330787-1-0.html" target="_blank" rel="noopener noreferrer">federal court of California</a>, alleging that Google violates both California’s Constitutional Right to Privacy as well as California’s Invasion of Privacy Act.</p> <p>In 2019, Google was <a href="https://threatpost.com/google-fine-privacy-gdpr/141055/" target="_blank" rel="noopener noreferrer">slapped with a $57 million</a> (€50 million) fine for violations of the General Data Protection Regulation (GDPR) by France’s National Data Protection Commission (CNIL), for lacking transparency when it comes to how it collects and handles user data in the name of serving up personalized ads. And most recently, the <a href="https://threatpost.com/lawsuit-claims-google-collects-minors-locations-browsing-history/153134/" target="_blank" rel="noopener noreferrer">tech giant was hit with a lawsuit in February</a> that alleges that it has been covertly collecting data of students via its G Suite for Education program, which offers its productivity services to students for free.</p> <p>“This is a complicated and ongoing issue,” Thomas Hatch, CTO and co-founder at SaltStack, told Threatpost. “Large companies like Google have and will continue to push legal limits. That is to be expected. However, the technical nuance of this case makes it difficult to ascertain exactly how valid the arguments are. On one hand, it is good that governments are always pushing back on companies like Google in an ongoing effort to keep them in check. On the other hand, we must always question the motivations and viability of these cases.”</p> <p>The Arizona Attorney General lawsuit did not clarify how much in damages it is seeking from Google, only saying: “Arizona brings this action to put a stop to Google’s deceptive and unfair acts and practices; force Google to disgorge all profits, gains, gross receipts, and other benefits obtained for the period of time when it engaged in any unlawful practice; recover restitution for Arizona consumers; and impose civil penalties for Google’s willful violations of the Arizona Consumer Fraud Act.”</p> <p><strong><em>Concerned about the IoT security challenges businesses face as more connected devices run our enterprises, drive our manufacturing lines, track and deliver healthcare to patients, and more? On </em></strong><a href="https://attendee.gotowebinar.com/register/1837650474090338831?source=ART" target="_blank" rel="noopener noreferrer"><strong><em>June 3 at 2 p.m. ET</em></strong></a><strong><em>, join renowned security technologist Bruce Schneier, Armis CISO Curtis Simpson and Threatpost for a FREE webinar, </em></strong><a href="https://attendee.gotowebinar.com/register/1837650474090338831?source=ART" target="_blank" rel="noopener noreferrer"><strong><em>Taming the Unmanaged and IoT Device Tsunami</em></strong></a><strong><em>. Get exclusive insights on how to manage this new and growing attack surface. </em></strong><a href="https://attendee.gotowebinar.com/register/1837650474090338831?source=ART" target="_blank" rel="noopener noreferrer"><strong><em>Please register here</em></strong></a><strong><em> for this sponsored webinar.</em></strong></p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Google Location Tracking Lambasted in Arizona Lawsuit" data-url="https://threatpost.com/google-location-tracking-arizona-lawsuit/156082/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/mobile-security/">Mobile Security</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/privacy/">Privacy</a></li> </ul> </div> </div> </footer> </div>

A customer makes their payment with QR code in a supermarket. Getty The coronavirus is unlikely to halt the rapid advance of fintech firms in the emerging landscapes of Southeast Asia. Along the wa… [+4895 chars]

Fraudsters are known to make the most of vulnerabilities, and they have seized the opportunity presented by the crisis in the wake of the pandemic. Digital payments industry reports show that cases o… [+5599 chars]

LONDON (PRWEB)May 28, 2020 Leading IT provider, Softcat, has created a new guide focused on the importance of establishing a strong cyber security strategy. In the newly released guide, Softcats cy… [+2182 chars]

<div class="body gsd-paywall"><p>The 2020 Security 500 Survey is now<a href="https://www.securitymagazine.com/security-500-survey"> available online</a>, and we want your input!</p> <p>Why? Check out our top four reasons to participate in the Security 500:</p> <p>1) <strong>Benchmarking:</strong> As a survey participant, the database will be shared with you in a confidential benchmarking report containing metrics within your particular market sector. Determine where your department ranks in terms of:</p> <ul> <li>Brand Protection</li> <li>Business Resilience</li> <li>Corporate Security</li> <li>Cybersecurity</li> <li>Information Technology</li> <li>Intellectual Property Security</li> <li>Investigations and more</li> </ul> <p>2) <strong>Stay Confidential:</strong> The published report in the November 2020 issue of <em>Security</em> magazine (and online at SecurityMagazine.com) will not disclose your specific data or results, but detailed, key metrics will be provided in your own benchmarking report. Companies will not be disclosed.</p> <p>3) <strong>Networking:</strong> Participate in the Security 500 Survey and get your complimentary invitation to the Security 500 Conference, to be held on November 16 in Washington, DC. This peer-to-peer networking event hosts a variety of speakers and panels, including discussions on COVID-19 response, risk mitigation, crisis management and more.</p> <p>4) <strong>It’s FREE:</strong> We’re doing the work for you!! The <a href="https://www.securitymagazine.com/security-500-survey">survey</a>, the report, the November edition, and the Security 500 Conferences are all free to CSOs, Security Directors and security leaders.</p> <p>This is an opportunity to show that your security program is among the best in the world – Take a few moments to fill out the <a href="https://www.securitymagazine.com/security-500-survey">survey </a>or send it to the appropriate security leader at your enterprise. You never know: The results from this survey could give you the buy-in you need for your next project to keep the enterprise secure.</p> </div>

<div class="body gsd-paywall"><p>Sun Life Financial Inc. has <a href="https://www.prnewswire.com/news-releases/sun-life-announces-laura-money-as-new-chief-information-officer-301066365.html">announced</a> the appointment of Laura Money as Executive Vice-President and Chief Information Officer effective June 29, 2020 to continue the company's strong commitment to be a leader in technology solutions for clients and digital transformation journey.</p> <p>Sun Life is an international financial services organization providing insurance, wealth and asset management solutions to individual and corporate Clients.</p> <p>Laura is joining Sun Life from a major Canadian bank where she was SVP and CIO Corporate Centre Technology. As a leader focused on innovation that makes a difference to Clients, Laura has held various senior IT and business roles throughout her career in Canadian banking and a global consulting company. Her expertise has shone in leading IT transformation projects, business transformation projects, technology infrastructure groups, strategic planning and technology development.</p> <p>"We're excited to have Laura join our Sun Life team at such a pivotal and unprecedented time during our digital journey," said Dean Connor, President and CEO of Sun Life. "We've made significant progress in digitizing our business. I know that Laura will help us to accelerate on that path as we continue to deliver innovative ways of meeting and anticipating Client needs. Our focus on investing in technology over the years has been a tremendous benefit in continuing to serve our Clients in an uninterrupted way and this shift to everything digital is an outcome from the pandemic that is here to stay."</p> <p>Laura will report to Kevin Strain, Chief Financial Officer and Executive Vice-President, Sun Life. She succeeds Mark Saunders, EVP and Chief Information Officer, who announced his plans to retire at the end of April next year. Mark will support Laura in her transition to CIO and continue to lead in areas including real estate, procurement and shared business services as they evolve in the coming year. Mark will be leaving Sun Life as a recognized industry veteran with 12 years with the company next year, a CIO of the year in Canada in 2018 and more than three decades in technology leadership. Most recently, Mark oversaw the business continuity efforts that allowed Sun Life to seamlessly transition 95 percent of Employees globally to work from home and continue to support Clients successfully.</p> <p>"I want to thank Mark for his countless contributions to Sun Life and welcome Laura to our team," said Kevin Strain, CFO and EVP, Sun Life. "Mark took technology to new levels of innovation for our Clients and Employees. Laura will build upon this momentum so we can continue to stand out in our industry for our mobile apps, digital coaches, virtual health care, mental health navigator, global advisor apps and much more to come. We're focused on our company purpose of helping our Clients achieve lifetime financial security and live healthier lives – which is more important than ever before during these difficult and physically contactless times."</p> </div>

<div class="body gsd-paywall"><p>Although the Centers for Medicare and Medicaid Services (CMS), Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), and Social Security Administration (SSA) each established requirements to secure data that states receive, these requirements often had conflicting parameters, says the U.S. Government Accountability Office (GAO) in a new <a href="https://www.gao.gov/products/GAO-20-123">report</a>. </p> <p>According to GAO, such parameters involve agencies defining specific values like the number of consecutive unsuccessful logon attempts prior to locking out the user. Among the four federal agencies, the percentage of total requirements with conflicting parameters ranged from 49 percent to 79 percent, GAO found.</p> <p>Regarding variance with National Institute of Standards and Technology guidance, GAO found that the extent to which the four agencies did not fully address guidance varied from 9 percent to 53 percent of total requirements. The variances were due in part to the federal agencies' insufficient coordination in establishing requirements, says GAO.</p> <p>Although the Office of Management and Budget's (OMB) Circular A-130 requires agencies to coordinate, OMB has not ensured that agencies have done so. Further, while federal agencies' variance among requirements may be justified in some cases because of particular agency mission needs, the resulting impact on states is significant, according to state chief information security officers (see figure).</p> <p><img alt="GAO" src="/ext/resources/rId14_image2.png" style="width: 650px; height: 326px;"></p> <p>The four federal agencies that GAO reviewed either fully or partially had policies for coordinating assessments with states, but none of them had policies for coordinating assessments with each other. State chief information security officers that GAO surveyed reinforced the need to coordinate assessments by identifying impacts on state agencies' costs, including multiple federal agencies that requested the same documentation.</p> <p>Coordinating with state and federal agencies when assessing state agencies' cybersecurity may help to minimize states' cost and time impacts and reduce associated federal costs, notes the report. Federal agencies reported spending about $45 million for fiscal years 2016 through 2018 on assessments of state agencies' cybersecurity, says GAO. </p> <h2>Recommendations for Executive Action</h2> <ol> <li> <p title="Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken."><strong>Recommendation</strong>: The Director of OMB should ensure that CMS, FBI, IRS, and SSA are collaborating on their cybersecurity requirements pertaining to state agencies to the greatest extent possible and direct further coordination where needed. </p> <p><strong>Agency Affected</strong>: Executive Office of the President: Office of Management and Budget</p> </li> <li> <p><strong>Recommendation</strong>: The Director of OMB should take steps to ensure that CMS, FBI, IRS, and SSA coordinate, where feasible, on assessments of state agencies' cybersecurity, which may include steps such as leveraging other agencies' security assessments or conducting assessments jointly. </p> <p><strong>Agency Affected</strong>: Executive Office of the President: Office of Management and Budget</p> </li> <li> <p><strong>Recommendation</strong>: The Administrator of CMS should, in collaboration with OMB, solicit input from FBI, IRS, SSA, and state agency stakeholders on revisions to its security policy to ensure that cybersecurity requirements for state agencies are consistent with other federal agencies and NIST guidance to the greatest extent possible and document CMS's rationale for maintaining any requirements variances.</p> <p><strong>Agency Affected</strong>: Department of Health and Human Services: Centers for Medicare and Medicaid Services</p> </li> <li> <p title="Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken."><strong>Recommendation</strong>: The Administrator of CMS should revise its assessment policies to maximize coordination with other federal agencies to the greatest extent practicable. </p> <p><strong>Agency Affected</strong>: Department of Health and Human Services: Centers for Medicare and Medicaid Services</p> </li> <li> <p><strong>Recommendation</strong>: The FBI Director should, in collaboration with OMB, solicit input from CMS, IRS, SSA, and state agency stakeholders on revisions to its security policy to ensure that cybersecurity requirements for state agencies are consistent with other federal agencies and NIST guidance to the greatest extent possible. </p> <p><strong>Agency Affected</strong>: Department of Justice: Federal Bureau of Investigation</p> </li> <li> <p title="Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken."><strong>Recommendation</strong>: The FBI Director should fully develop policies for coordinating with state agencies on the use of prior findings from relevant cybersecurity assessments conducted by other organizations. </p> <p><strong>Agency Affected</strong>: Department of Justice: Federal Bureau of Investigation</p> </li> <li> <p title="Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken."><strong>Recommendation</strong>: The FBI Director should revise its assessment policies to maximize coordination with other federal agencies to the greatest extent practicable. </p> <p><strong>Agency Affected</strong>: Department of Justice: Federal Bureau of Investigation</p> </li> <li> <p><strong>Recommendation</strong>: The IRS Commissioner should, in collaboration with OMB, solicit input from CMS, FBI, SSA, and state agency stakeholders on revisions to its security policy to ensure that cybersecurity requirements for state agencies are consistent with other federal agencies and NIST guidance to the greatest extent possible. </p> <p><strong>Agency Affected</strong>: Department of the Treasury: Internal Revenue Service</p> </li> <li> <p><strong>Recommendation</strong>: The IRS Commissioner should revise its assessment policies to maximize coordination with other federal agencies to the greatest extent practicable. </p> <p><strong>Agency Affected</strong>: Department of the Treasury: Internal Revenue Service</p> </li> <li> <p><strong>Recommendation</strong>: The Commissioner of SSA should, in collaboration with OMB, solicit input from CMS, FBI, IRS, and state agency stakeholders on revisions to its security policy to ensure that cybersecurity requirements for state agencies are consistent with other federal agencies and NIST guidance to the greatest extent possible and document the SSA's rationale for maintaining any requirements variances. </p> <p><strong>Agency Affected</strong>: Social Security Administration</p> </li> <li> <p><strong>Recommendation</strong>: The Commissioner of SSA should fully develop policies for coordinating with state agencies on the use of prior findings from relevant cybersecurity assessments conducted by other organizations. </p> <p><strong>Agency Affected</strong>: Social Security Administration</p> </li> <li> <p><strong>Recommendation</strong>: The Commissioner of SSA should revise its assessment policies to maximize coordination with other federal agencies to the greatest extent practicable.</p> </li> </ol> </div>

<div class="body gsd-paywall"><p>Probationary employees—generally those with less than 1 or 2 years of federal service—can be especially vulnerable to reprisal because they have fewer protections from adverse personnel actions, including termination, the Government Accountability Office (GAO) <a href="https://www.gao.gov/assets/710/707220.pdf">found</a>. </p> <p>GAO found that existing data are not sufficient to determine if the rates of filing whistleblower disclosures, retaliation complaints, or both vary by probationary status. The average annual number of probationary and permanent federal employees from fiscal years 2014 to 2018 was approximately 1.9 million employees.</p> <p>Over this time frame, an average of approximately 2,800 employees—about 0.15 percent—filed complaints each year, says GAO. "Existing data were not sufficient to determine probationary status of employees for over 18 percent of each year’s complaints. Therefore, it is not possible to determine whether probationary employees file at lower, comparable, or higher rates than their prevalence in the overall employee population," notes the report. Specifically, probationary employees represented about 13.5 percent, on average, of the federal workforce, and GAO estimates that they filed from 6.6 percent to 18.2 percent of complaints.</p> <p>GAO estimates suggest that both permanent and probationary employees who filed complaints were consistently terminated at higher rates than federal employees government-wide. For example, in fiscal year 2018, the termination rate for probationary employees government-wide was 1.1 percent, while the lowest estimated rate of termination among probationary employees who filed a complaint was 10.1 percent. For permanent employees, the overall termination rate was 0.3 percent, while the lowest estimated rate for filers was 2.9 percent.</p> <p>GAO estimates also suggest that probationary employees who filed complaints were terminated at higher rates than permanent employees who did the same. For example, in fiscal year 2018:</p> <ul> <li>The lowest estimated termination rate for probationary employees who filed whistleblower disclosures (10.1 percent) exceeded the maximum estimated rate for permanent employees who did the same (5.2 percent).</li> <li>The lowest estimated termination rate for probationary employees who filed retaliation complaints (17.4 percent) exceeded the maximum estimated rate for permanent employees who did the same (9.9 percent).</li> <li>The lowest estimated termination rate for probationary employees who filed both types (14.1 percent) exceeded the maximum estimated rate for permanent employees who did the same (13.2 percent).</li> </ul> <p>The Office of Special Counsel’s (OSC) complaint form allows but does not require complainants to identify whether they are probationary or permanent employees when filing a whistleblower disclosure or retaliation complaint. OSC officials said they try to limit mandatory data fields to the information that is necessary for processing a case, and that they have no plans to do any analysis of employees in their probationary period who file claims.</p> <p>However, the higher rates of termination GAO found for filers generally, and probationary employees specifically, suggests that there could be a risk of unequal treatment. Without first identifying probationary employees who file whistleblower claims, OSC would lack complete data should it decide at some point to analyze the effect of probationary status on filers. Collecting and maintaining such data on every claimant would provide OSC or other entities the ability to analyze termination rates or other issues related to a whistleblower’s probationary status, says GAO. </p> </div>

<div class="body gsd-paywall"><p>To bolster the resilience of the Global Positioning System (GPS) and the wide scope of technologies and services that rely on precision timing, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is requesting information from the public about the broad use of positioning, navigation and timing (PNT) services, as well as the cybersecurity risk management approaches used to protect them.</p> <p>The request, posted in the <em><a href="https://www.federalregister.gov/documents/2020/05/27/2020-11282/profile-of-responsible-use-of-positioning-navigation-and-timing-services">Federal Register</a>,</em> is part of NIST’s response to the Feb. 12, 2020, <a href="https://www.federalregister.gov/documents/2020/02/18/2020-03337/strengthening-national-resilience-through-responsible-use-of-positioning-navigation-and-timing">Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services</a>. </p> <p>“GPS and PNT are critical and essential components of the U.S. economy,” said Department of Commerce Secretary Wilbur Ross. “It is imperative that our GPS and PNT systems be fully secure and able to withstand cyber incursions. Following President Trump’s executive order, the government will continue to test the nation’s critical GPS and PNT systems, develop pilot programs to enhance their resilience, and incorporate the best technologies, software and services to safeguard the security and vitality of this crucial infrastructure.”</p> <p>The order notes that “the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.” </p> <p>“Location and timing-based services have become part of the lifeblood of our economy,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “Not only do we depend upon accurately synchronized GPS satellites to guide us in navigation, but we rely on precision timing to coordinate electricity distribution, synchronize global communications networks, and generate reliable weather forecasts. Securing these PNT-based systems against cyberattack is crucially important for our way of life.”</p> <p>This request, aimed primarily at technology vendors and users of PNT services, contains questions designed to elicit a wide-ranging picture of how PNT is used across different sectors of the economy. NIST will use the answers to inform the creation of a profile document intended to improve the resilience of PNT technologies and services. This document will join the growing list of profiles made to help apply the <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="d93e537b-1852-4185-a8e4-b5ea1fe460de" href="https://www.nist.gov/cyberframework" title="Cybersecurity Framework">NIST Cybersecurity Framework</a> to particular economic sectors, such as <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="ccc74fea-5921-422d-ac0d-30dfc365f24b" href="https://www.nist.gov/publications/cybersecurity-framework-manufacturing-profile-0" title="Cybersecurity Framework Manufacturing Profile">manufacturing</a>, the <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="3a45bcff-3026-4af3-a45a-850e87d5a40a" href="https://www.nist.gov/publications/cybersecurity-framework-smart-grid-profile" title="Cybersecurity Framework Smart Grid Profile">power grid</a> and the <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="412d6cfb-0ea7-4aa2-8d51-d27f7979515f" href="https://www.nist.gov/news-events/news/2016/11/new-cybersecurity-framework-profile-help-ensure-safe-transfer-hazardous" title="New Cybersecurity Framework “Profile” to Help Ensure Safe Transfer of Hazardous Liquids at Ports">maritime industry</a>. </p> <p>NIST is accepting responses to the request until July 13, 2020. For more information, including instructions on how to submit responses by mail or electronically, visit the <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="9ca665b7-0163-4fd5-a923-b48f7d6c4a80" href="https://www.nist.gov/itl/pnt" title="Responsible Use of Positioning, Navigation and Timing Services">PNT page on the NIST website</a>. Relevant comments will be posted to the page after the response period closes.  </p> <p>NIST plans to release an initial draft of its PNT profile document this summer. The agency also will solicit public comments on this initial draft before publishing a final version on or before Feb. 12, 2021. </p> </div>

Adtech firm tribeOS launched shares in its company as tokenized securities via GSX Group’s GRID platform. According to an announcement shared with Cointelegraph on May 27, the shares were already cr… [+2003 chars]

Communities are now more important than ever. Member of local communities look to their leaders to provide guidance and mentorship on how to build AWS skills, solve technical problems, and grow their… [+15814 chars]

DENVER, Colo.--(BUSINESS WIRE)--SKIDATA Inc., the worlds leading provider of solutions to manage access to parking facilities, ski resorts, and stadiums, has introduced the worlds most advanced commo… [+2375 chars]

CLOSE MLA , . "The new AP Stylebook includes 100 technology terms, guidance on gender-neutral language, and a chapter on digital security." Nieman Journalism Lab. Nieman Foundation for Journalism a… [+1216 chars]

None

Journalists longing for their newsrooms tattered copy of the AP Stylebook, or just, you know, their newsrooms, might be happy to know that when they do eventually return, a brand new stylebook could … [+1794 chars]

#################################################################### # Exploit Title : NextgenUSCorp Authentication Bypass # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Sec… [+4339 chars]

#################################################################### # Exploit Title : Upturn Smart Online Exam System Mayuri Authentication Bypass # Author [ Discovered By ] : KingSkrupellos # Te… [+4650 chars]

#################################################################### # Exploit Title : School Sports Promotion Foundation Sspf India Authentication Bypass # Author [ Discovered By ] : KingSkrupello… [+4954 chars]

#################################################################### # Exploit Title : WebIndiaServices Team Authentication Bypass # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Dig… [+4247 chars]

#################################################################### # Exploit Title : Gangotri Group Shubham Srivastava Authentication Bypass # Author [ Discovered By ] : KingSkrupellos # Team : … [+4686 chars]

#################################################################### # Exploit Title : Chamilo © 2020 Campus v1 ElFinder Backdoor Access Shell Upload Vulnerability # Author [ Discovered By ] : King… [+8847 chars]