Pete Recommends Weekly highlights on cyber security issues March 15, 2020

Subject: U.S. Govt. Makes it Harder to Get .Gov Domains
Source: Krebs on Security

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain.In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov.

While what my source did was technically wire fraud (obtaining something of value via the Internet through false pretenses), cybercriminals bent on using fake .gov domains to hoodwink Americans likely would not be deterred by such concerns.


Tags: .gov, Cybersecurity and Infrastructure Security Agency, John Levine, The Internet for Dummies, U.S. Department of Homeland Security, U.S. General Services Administration

Subject: The Case for Limiting Your Browser Extensions
Source: Krebs on Security

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.

The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page.

Tags: 212b3d4039ab5319ec.js, Blue Shield of California, cndpps,, [email protected], icontent, linkojager, metrext, monetizus, Page Ruler extension, Peter Newnham, thisadsfor

This entry was posted on Tuesday, March 3rd, 2020 at 10:39 am and is filed under Breadcrumbs

Sample RSS feed:

Subject: How To Tell If Your Smart Home Security Camera Is Hacked
Source: Digital Trends

I’m talking about your security camera being hacked. Hacks are an ongoing battle, as evident in the numerous stories about hackers gaining unauthorized access to indoor cameras and creeping out people.

I spoke to a former hacker turned security expert to ask why these hacks are happening in the first place, and spoke with engineers who’ve worked on a mechanical privacy shutter, to get a clearer picture of what needs to be done to reinstate confidence in security cameras.

So, how would you know you’ve been hacked? Here are the most common signs.



Editors’ Recommendations

Subject: Dressing for the Surveillance Age
Source: The New Yorker via beSpacific

The New Yorker – As cities become ever more packed with cameras that always see, public anonymity could disappear. Can stealth streetwear evade electronic eyes? By John Seabrook: “…Advances in computer vision have occurred so rapidly that local and national privacy policies—what aspects of your face and body should be protected by law from surveillance machines—are lagging far behind A.I.’s technological capabilities, leaving the public vulnerable to a modern panopticon, a total-surveillance society that could be built before we know enough to stop it. Chris Meserole, a foreign-policy fellow at the Brookings Institution who studies China’s use of face recognition and other surveillance technologies—widely deployed as part of Xi Jinping’s “stability maintenance” drive—told me that policymakers in the States haven’t, so far, created governing structures to safeguard citizens. And, he added, “in the U.S., the government hasn’t thought to use it yet the way that China has.”

beSpacific Subjects: AI, Civil Liberties, E-Records, Government Documents, Legal Research, Legislation, Privacy, Social Media

Published in the print edition of the March 16, 2020, issue, with the headline “Adversarial Man.”

Subject: The best, and the worst, of the coronavirus dashboards
Source: MIT Technology Review via beSpacific

MIT Technology Review – There are dozens of sites that show you how coronavirus is spreading around the world. Here is our ranking. “If you’ve been on the web to learn more about the latest pandemic, chances are you’ve stumbled upon at least one or two coronavirus dashboards. These are the landing pages for interactive maps and visuals that show where the virus has spread, as well as numbers on the latest in infection rates and deaths, breakdowns of what countries are suffering from new cases and what regions are likely seeing new outbreaks, and much more. Not all dashboards are created equal, nor do all people have access to the same dashboards (for instance, US sanctions prevent Iranians from accessing the one run by Johns Hopkins University). Some present data you won’t find elsewhere. Some are easier to navigate than others. Some are simply much more stunning to look at…”

beSpacific Subjects: Health Care, Internet, Knowledge Management

Subject: Tips to Avoid Coronavirus Financial Scams
Source: PA Dept. of Banking and Securities

Harrisburg, PA – As the nation continues to respond to the coronavirus (COVID-19), the Department of Banking and Securities is urging Pennsylvanians to be wary of potential financial scams trying to take advantage of the situation.“Consumers should be on alert for increased fraud during major events such as the outbreak of COVID-19,” said Acting Secretary Richard Vague. “Scams are becoming increasingly more sophisticated and scam artists are taking advantage of people, making every attempt to separate you from your hard-earned money.”

Consumers should be vigilant about protecting their finances and should not share financial or other sensitive information with anyone contacting you unsolicited. Consumers and businesses cannot afford to take every financial opportunity or transaction at face value.

“We all wish we could expect everyone to act with integrity and credibility, but too many scam artists prey on our good intentions to trust,” said Acting Secretary Vague. “Scam artists are manipulative and all of us must remain ever vigilant. With a few simple precautions, you can help detect and prevent this from happening to you or a loved one.”

Frequent characteristics of scams include…

Subject: More than half of Americans want money, control in exchange for genetic data
Source: Penn State University Newswire

UNIVERSITY PARK, Pa. — As people become more aware of privacy concerns and the ways in which genomic database companies are profiting from their data, their expectations for compensation and control may increase, according to researchers at Penn State and Cornell University.“As human genomic data collection rises, the organizations responsible for managing these data are developing and refining their internal policies and protocols related to data end uses, transparency and security, for example,” said Forrest Briscoe, professor of management and organization, Penn State. “In a survey of more than 2,000 people, we found that the majority of respondents clearly prefer a more transparent and participant-centric governance approach that gives them more control, confidence and compensation.”

The researchers created a survey based on in-depth field interviews with officials and employees who were involved in genomic governance at 12 different organizations. They recruited 2,020 participants — representative of the U.S. population — through Qualtrics to participate in the survey and provided them with mainstream media coverage of genomic database companies. The results appear today (March 11, 2020) in PLOS ONE.

“Our results suggest that as public awareness grows regarding the commercial aspects and privacy issues of genomic databases, individuals’ expectations for compensation in exchange for data provision may rise,” said Briscoe.

Subject: Digital security best practices for working remotely
Source: Penn State University News

As we shift to remote learning and as some members of the university community begin working from home, it is important to remember that handling Penn State data outside of our typical workspaces presents unique challenges. Taking a few additional security precautions when working remotely can help to keep Penn State’s valuable information secure. Here are some steps you can take to enhance security…

Subject: How US spies are tracking the coronavirus pandemic
Source: CNNPolitics

Who is gathering the intel?
Much of the information flowing from the intelligence community on the current crisis comes from a little-known branch of the Defense Intelligence Agency called the National Center for Medical Intelligence, Clapper added. The NCIM is a unique outfit that combines wide-ranging, advanced medical expertise with intelligence gathering and assessments.

To get the most accurate picture of how the coronavirus is impacting a country, intelligence analysts are using a variety of tools, the most prominent of which are human intelligence, signals intelligence and satellite imagery. What kind of access agencies and spies have in a country will dictate what combination of tools are used.

“The art form here is melding the various sources into an assessment which will vary from country to country,” said Clapper.

Subject: Enterprise VPN Security

Summary – As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity…

Subject: The Cyberspace Solarium Commission Report
Source: Cyberspace Solarium Commission via beSpacific

“Today marks the launch of the official report of the Cyberspace Solarium Commission. It is available here, and we urge you to read it in full. Meanwhile, here at Lawfare we will be posting a series of commentaries on various highlights from the report, starting today after the report is released and continuing into next week.beSpacific Subjects: Cybercrime, Cybersecurity, Government Documents



Posted in: AI, Civil Liberties, Cybersecurity, Education, Healthcare, Internet Trends, KM, Privacy, Search Engines, Social Media, Viruses & Hoaxes