Has Your Data Been Leaked to the Dark Web?

source:  cyberdefensemagazine.com

The part of the internet not indexed by search engines is referred to as the Dark Web. The Dark Web is however frequently misunderstood. The Dark Web is a network of forums, websites, and communication tools like email. What differentiates the Dark Web from the traditional internet is that users are required to run a suite of tools such as the Tor browser that assists in hiding web traffic. The Tor browser routes a web page request through a series of proxy servers operated by thousands of volunteers around the globe that renders an IP address untraceable.

The Dark Web is used for both illegal and respected activities. Criminals exploit the Dark Web’s anonymity to sell drugs and guns. Organizations like Facebook and the United Nations use the Dark Web to protect political and religious dissidents in oppressive nations. Legitimate actors like law enforcement organizations, cryptologists, and journalists also use the Dark Web to be anonymous or investigate illegal activities.

A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that the number of Dark Web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises.

Continue reading “Has Your Data Been Leaked to the Dark Web?”

 

All the Ways Slack Tracks You—and How to Stop It

source: wired.com

 

From changing privacy settings to putting limits on those infuriating notifications, here’s how to take control of Slack.

THE GLOBAL REMOTE work experiment shows no sign of ending anytime soon. As Europe struggles to contain a deadly second wave of Covid-19, many forward-looking companies have confirmed that their employees will largely be working from home for at least the first quarter of 2021. That means that Slack, Microsoft Teams, and Zoom will continue to dominate the lives of office workers.

As you settle down for a long, cold winter of trying to ignore Slack, it’s important to get things in order. From changing privacy settings to putting some limits on those infuriating notifications, here’s how to get some control over Slack.

Slack’s Data Collection

Slack’s business model is very different from the tracking- and advertising-heavy setups of Google and Facebook. Slack makes money by selling premium-tier subscriptions, though there are also free accounts that have limits placed upon them.

Upcoming S&T Guidance Will Improve Critical Infrastructure Resilience

source:  dhs.gov (contributed by Artemus FAN, Alicia Jones


It is easy to understand the importance of our “critical infrastructure,” such as telecommunications, energy, transportation, and emergency services, but what’s often overlooked are the underlying technologies that enable them. One such technology is Position, Navigation, and Timing (PNT) services, a national critical function powering many of the critical infrastructure sectors that enable modern society.

PNT is primarily provided through the Global Positioning System (GPS) and other Global Navigation Satellite Systems (GNSS). PNT is not just used for navigation, though. It also provides precision timing information that enables critical functions within telecommunication networks and the power grid. However, these PNT services are susceptible to interference such as GPS jamming and spoofing, which pose a risk to critical infrastructure. What was once an emerging risk is quickly becoming a pressing issue, with industry reporting a growing trend in the past two years of prominent PNT disruption events around the world. As the technological barriers to conducting these activities continue to fall, it becomes even more important to ensure our critical infrastructure is resilient to PNT disruptions.

Continue reading “Upcoming S&T Guidance Will Improve Critical Infrastructure Resilience”

Don’t give your information to marketers who might pelt you with spam or even expose you to a potential hack. Use Abine Blur instead.

source: fastcompany.com

Over the summer, I came across an online store that was promising big discounts on All-Clad cookware, but with a catch: You had to hand over an email address just to see what the deals were.

This would have given me pause if not for a secret weapon: I loaded up a service called Abine Blur and generated a free “masked email” address to use instead of my real one. While the masked email would still forward messages to my actual Gmail inbox, the store would never learn my real address, and I could cut off any future emails with one click.

I started using Abine Blur about five months ago, after hearing about it from one of my newsletter readers, and it’s since become one of my most cherished privacy services. With masked email addresses, I don’t have to worry about getting spammed just because I signed up for an app, made a donation, or subscribed to some retailer’s newsletter in exchange for a coupon. I just tell Abine Blur to stop forwarding their emails, and our link is severed.

Continue reading “This Free Service Is a Genius Way to Foil Spam…”

 

 

The world’s largest surveillance system is growing—and so is the backlash

source: fortune.com

 

China already has the world’s largest surveillance network; it deploys over half of all surveillance cameras in use around the world. Now, a new report shows just how fast that system is expanding.

ChinaFile, which operates as a nonprofit organization and works with a network of China-focused analysts and researchers, published the stand-alone State of Surveillance report after reviewing 76,000 publicly available government procurement orders of surveillance technologies from 2004 to May 2020. The report provides a comprehensive look at the scale of China’s surveillance program; Beijing does not widely publicize such information through other means.

The report showcases China’s yearslong push to become a global surveillance superpower.

Continue reading “The world’s largest surveillance system”

Harvesting Energy as you Move: The Future of Wearable Technology

source:  azonano.com

contributed by Artemus FAN, Steve Jones

EPSRC Doctoral Prize Fellow, Dr Ishara Dharmasena, speaks to AZoNano about their groundbreaking triboelectric nanogenerator (TENG) technology that has the potential to convert our movements into electricity.

 

How did you begin your research into energy harvesting technology?

I was interested in renewable energy technologies and their impact on our lifestyle and the environment since my undergraduate years back in Sri Lanka. However, it was during my PhD project at the University of Surrey that I started researching energy harvesting technologies, specifically those that have the potential to convert human motion into electricity such as the triboelectric nanogenerator (TENG) technology.

Following the completion of my PhD project, I started TENG energy harvesting activities at Loughborough University, focusing on the design and application aspects of TENGs toward powering the next generation of portable and smart electronics.

What are triboelectric nanogenerators (TENGs) and how are they revolutionary in the energy industry?

Triboelectric nanogenerators (TENG) are small-scale energy generators that can convert the energy from movements in our surroundings (e.g. human motion, machine vibrations, vehicle movements, wind, and wave energy) into electricity.

These generators work based on the combination of two common effects – “triboelectric charging” and “electrostatic induction”. Triboelectric charging or static charging is typically an undesired effect we experience in everyday life. Static charging is the reason why a balloon rubbed on our hair can stick to a wall or attract small pieces of paper, while it also causes lightening, and, clothing to stick to our skin on a dry day.

Continue reading “Harvesting Energy as you Move: The Future of Wearable Technology”

 

 

 

 

 

 

 

Three Critical Threats on the Horizon You Need to Prepare For

source: securityweek.com

October was National Cyber Security Awareness Month, which served as an important annual reminder for organizations to never let their guard down when it comes to protecting access to data. The most recent wave of data breaches (e.g., Simon Fraser University, TwitterUniversal Health Services, and Shopify) demonstrate that cyber adversaries no longer need to ‘hack’ in — instead they can log in using weak, stolen, or phished credentials. This takes on increased significance when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure. These types of credentials are estimated to be involved in 80% of data breaches. 

Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface. It doesn’t matter where the data they need to protect resides, or who is ultimately trying to access the data — be it human or a machine. What counts is that they minimize the risk of data exfiltration. Period.

Continue reading “Three Critical Threats on the Horizon You Need to Prepare For”

What South Pole scientists can teach us about surviving a long, dark COVID-19 winter


source:  fastcompany.com

Each year, roughly 40 people choose to spend winter at the South Pole. Here’s what they can teach you about handling a cold, isolated COVID-19 winter.

As temperatures fall over the U.S. and COVID-19 infection rates continue to spike, the prospect of an isolated winter looms. Fewer daylight hours, separation from friends and family, and limited options for excursions and entertainment make the coming months seem bleak.

However, each year, a group of roughly 40 people plunge themselves into frigid temperatures, darkness, and isolation. And they do it by choice. In a routine called “winterovers” at the South Pole’s IceCube Neutrino Observatory, this international group of scientists keeps the first-of-its-kind station running during the brutal winter months, when the average temperature can be -80 degrees Fahrenheit. The observatory uses the South Pole’s ice to observe subatomic particles called neutrinos, which provide information about cosmic events such as exploding stars and phenomena such as dark matter.

Continue reading “What South Pole scientists can teach us about surviving a long, dark COVID-19 winter”

source:  cyware.com

25 Vulnerabilities Chinese APT Groups Are Chasing Right Now

 

Cybercriminals are consistently scanning and exploiting publicly available security bugs. Recently, the National Security Agency (NSA) has published a 

report , detailing the top 25 vulnerabilities exploited by hackers, urging organizations in the U.S. public and private sectors to prioritize for action.

The top 25 vulnerabilities

According to the report, Chinese state-sponsored hackers were seen abusing these vulnerabilities to launch strategic hacking operations against a multitude of victim networks.
  • Most of these vulnerabilities belong to products related to remote access or external web services. Such products, accessible via the internet, are often exploited to gain initial access inside the victim’s network.
  • Exploits in the enterprise products including gateways (including Citrix ADC and Gateway, Symantec Messaging Gateway), VPN (Pulse Secure VPN), load balancers (F5 BIG-IP), etc. could provide direct remote access to the attackers.
  • Several vulnerabilities in the list target Windows OS and its services, such as Remote Desktop Services (Blukeep vulnerability), Netlogon (Zerologon), DNS server (SigRed), etc.
  • Additional products include business applications such as email servers (such as Microsoft Exchange, Exim mail), and application servers (such as Oracle WebLogic, Zoho ManageEngine, Adobe ColdFusion), that are being targeted by Chinese hackers.

Recent exploitation of these flaws

Not only Chinese hackers but several other low-level malware groups, ransomware gangs, and other state-sponsored hackers (including Russia, and Iran) were seen exploiting the above-mentioned vulnerabilities.
  • Threats actors such as TA505MuddyWater, and Ryuk were seen abusing the ZeroLogon vulnerability (CVE-2020-1472) to target public and private sector organizations.
  • Hackers were seen combining VPN (CVE-2019-11510) and Windows bugs to gain access to government networks, for which CISA and the FBI had issued prior warnings.
  • F5 BIG-IP (CVE-2020-5902), and Pulse Secure VPN servers (CVE-2019-11510) were also recently targeted by hackers.
  • In September, Iranian hacking group Pioneer Kitten was seen taking advantage of several unpatched vulnerabilities (CVE-2020-5902, CVE-2019-11510, and CVE-2019-19781) to target U.S. businesses and federal agencies.

The bottom line

The exploitation of such vulnerabilities could lead to the compromise of sensitive information related to a country’s policies, strategies, plans, and competitive advantage. Fortunately, all the vulnerabilities listed by researchers have patches available from their vendors. Thus, users are recommended to patch these and all other known vulnerabilities to avoid any undue risks to their infrastructure.

 

 

 

Find out if you can meet all your needs within a 15-minute walk from your house.

source:  fastcompany.com

In a “15-minute city,” it’s possible to meet your basic needs within a 15-minute walk or bike ride. Instead of sitting in traffic during a rush-hour commute, you can work at home or walk to an office nearby. You can walk to get groceries, go to the doctor, take your kids to school, or run any other everyday errand. Housing is affordable, so a barista could live in a walkable neighborhood as easily as a lawyer. It’s a concept championed by the mayor of Paris and, more recently, pitched by a global network of cities as a tool for helping urban areas recover from the pandemic—and improve sustainability and health as people start to get more exercise while conducting their day-to-day activities.

In the U.S., car-dependent sprawl is more common. But a new tool lets you map out local services to see how close your neighborhood comes to the ideal.

 

Click here to try out the tool:

https://app.developer.here.com/15-min-city-map/

“The global pandemic has highlighted the importance of location and proximity,” says Jordan Stark, a spokesperson for Here Technologies, the location data platform that created the map. The company typically creates maps for businesses, such as delivery companies that need to route vehicles, and built the new tool to demonstrate how developers could work with its data. While the current version maps out amenities like grocery stores, transit stops, and medical care—along the lines of Walkscore, another tool—the company says it might later create an iteration that considers how far residents might have to travel to get to an office.

The map also shows how many services can be accessed by car from an address. “We wanted to show, especially in the U.S., the contrast in the accessibility between walking and driving,” Stark says. “And as you can imagine, there are a number of communities where you have all of your essential items within a 15-minute drive, but potentially less than one essential location in a walk. So it was a way to show that contrast in spatial makeup.”

While pockets of American cities are walkable now—the map tells me that my own neighborhood in Oakland qualifies as a “15-minute city”—it’s possible that more neighborhoods will move in this direction as cities begin to use it as a framework for urban planning. Seattle’s Office of Planning and Community Development is one of the latest to say that it is exploring the concept of 15-minute neighborhoods.

“We wanted to show, especially in the U.S., the contrast in the accessibility between walking and driving,”