Archive of ‘Cybersecurity’ category

Cybersecurity Risks in schools

FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks

By Tina Nazerian     Sep 14, 2018

https://www.edsurge.com/news/2018-09-14-fbi-warns-educators-and-parents-about-edtech-s-cybersecurity-risks

The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.

In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.

Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.

“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”

According to Vance, a better approach might involve encouraging parents to have conversations with their children’s’ school about how it keeps student data safe.

++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

human nature cybersecurity

Keynote: Cybersecurity Awareness Is Dead! Long Live Cybersecurity Awareness!

Tuesday, August 21 | 12:05pm – 12:30pm ET |

https://events.educause.edu/special-topic-events/webinar/2018/encore-selections-from-the-educause-security-professionals-conference-2018/agenda/keynote-cybersecurity-awareness-is-dead-long-live-cybersecurity-awareness#_zsJE1Le1_zlSvd65

Far too often, cybersecurity awareness-raising training fails to account for how people learn and proven ways to change behaviors. The cybersecurity community too easily falls into the trap of thinking that “humans are the weakest link.” In this talk, Dr. Jessica Barker will argue that, if humans are the weakest link, then they are our weakest link as an industry. With reference to sociology, psychology, and behavioral economics, as well as lessons from her professional experience, Jessica will discuss why a better understanding of human nature needs to be a greater priority for the cybersecurity community.

Outcomes: Explore how we can apply knowledge from other disciplines to improve cybersecurity awareness-raising training and communications * Understand where the cybersecurity industry can improve with regards to awareness, behavior, and culture * Develop ideas to improve how you communicate cybersecurity messages and conduct awareness-raising training

++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

thermal imaging

***** thank you Tirthankar ! ******* : https://www.linkedin.com/feed/update/urn:li:activity:6424443573785235456

Recovering Keyboard Inputs through Thermal Imaging

https://www.schneier.com/blog/archives/2018/07/recovering_keyb.html

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it’s interesting to think about the types of scenarios in which it might be pulled off.

+++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

hacking through smart devices

This Casino Was Hacked Through a Smart Thermometer

This casino got hacked through a fish tank thermometer

Posted by NowThis Future on Monday, April 16, 2018

+++++++++++
more on hackers in this IMS blog
http://blog.stcloudstate.edu/ims?s=hackers

cybersecurity threats for schools

The top 5 cybersecurity threats for schools

BY EARL D. LAING November 29th, 2017
https://www.eschoolnews.com/2017/11/29/cybersecurity-threats-schools/

1. Link Security

From ransomware to phishing and other types of security breaches, direct contact is the number one way that you can create a vulnerability in your system. Those who commit these online crimes are finding smarter and sneakier ways to infiltrate your data every day. Sometimes the attack can even come as an email from a legitimate sender, or appear to be a perfectly normal message on social media. The goal is usually to get you to click on a link.

Solution: Make sure the security preferences for your email account(s) are set up to filter spamming, phishing and executable files that aren’t recognized.

2. Unknown Devices

Solution: Your IT system should include a solution that tracks all devices, including those not owned by your school, that enter the network.

3. Out of Date Technology

Contrary to popular misconception, user interaction isn’t always required for a cyber attack to be launched. The WannaCry attack targeted hundreds of computers all with the same security vulnerability on their Windows operating systems.

Solution: Again, an IT solution that tracks all devices is important, but one that can also check on software upgrades and block access to certain apps is ideal.

4. User Error

A data breach in Florida is just one example of the chaos user error can provoke. This issue didn’t begin with hackers at all. It began with carelessness that caused sensitive information to become public.

User error occurs regularly, and a common root of this is failing to restrict access to files or certain sites that may be compromised.

Solution: Restrict user access to sensitive documents only to those who absolutely need them, and make sure that your site architecture is set up to require a secure login for access. You may also want to create a white list of safe sites and applications and block the rest.

5. No Backup

As disheartening as it sounds, even when you take all the necessary precautions to protect your vital information, data breaches can still occur. When an attack happens, it’s often a major blow to productivity to try and get all the information back into a secure place. Worse, vital work can be lost for good.

Solution: Install a backup system on each school device that sends data to a remote server throughout the day (not just at night) to help make sure nothing is lost.

+++++++++++++++
more on cybersecurrity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

Malware, Phishing, Hacking, Ransomware

Keeping Safe in a Digital World

How Not to be Hacked

Malware, Phishing, Hacking, Ransomware – oh my! Learn about the threats to you, your users and your library.  During this session, we will explore the threats to online security and discuss solutions that can be implemented at any level. Most importantly, we will look at how we can educate our users on current threats and safety

Date: December 5th, 10AM

Presenter: Diana Silveira

Register: https://netforum.avectra.com/eweb/DynamicPage.aspx?Site=SEFLIN&WebCode=EventDetail&evt_key=bec597af-02dd-41a4-9b3a-afc42dc155e4

Webinar December 5, 2017 10 AM

  • create policies. e.g. changing psw routinely
  • USB blockers for public computers (public libraries). like skimmers on gas stations
  • do not use admin passwords
  • software and firmware updates.
  • policy for leaving employees
  • HTTP vs HTTPS
  • Cybersecurity KNowledge Quiz Pew research Center
    http://www.pewinternet.org/quiz/cybersecurity-knowledge/ 

diana@novarelibrary.com

slideshare.net/dee987

facebook.com/novarelibrary

twitter @Novarelibrary

+++++++++++
more on hacking in this IMS blog
http://blog.stcloudstate.edu/ims?s=hacker

fake emails

Why everyone still falls for fake emails

By Richard Matthews  Jul 31, 2017

https://gcn.com/articles/2017/07/31/why-fake-emails-still-work.aspx

Phishing is likely to get only more sophisticated.

Based on my experience in Tallinn, we will see companies become more transparent in how they deal with cyber attacks. After a massive cyber attack in 2007, for example, the Estonian government reacted in the right way.

free anti-phishing software

+++++++++++++++++++++
more on phishing in this IMS blog
http://blog.stcloudstate.edu/ims?s=phishing+

not on your work computer

6 things you should never do on your work computer

Amy Elisa Jackson, Glassdoor Mar. 15, 2017, 10:45 AM

http://www.businessinsider.com/things-you-should-never-do-on-your-work-computer-2017-3

cyber security experts say that weaving your personal and professional lives together via a work laptop is risky business — for you and the company. Software technology company Check Point conducted a survey of over 700 IT professionals which revealed that nearly two-thirds of IT pros believed that recent high-profile breaches were caused by employee carelessness.

  1. DON’T: Save personal passwords in your work device keychain.
  2. DON’T: Make off-color jokes on messaging software.
  3. DON’T: Access free public wi-fi while working on sensitive material.
  4. DON’T: Allow friends or non-IT department colleagues to remotely access your work computer.
  5. DON’T: Store personal data.
  6. DON’T: Work on your side hustle while at the office.

++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog:
http://blog.stcloudstate.edu/ims?s=surveillance

CIA hacks

WikiLeaks: Here’s how the CIA hacks your phones, TVs and PCs

The organization released thousands of documents it claims show how the US spy agency can crack open devices from Apple, Samsung, Google and Microsoft.

  https://www.cnet.com/news/wikileaks-cia-hacking-tools-phones-apple-samsung-microsoft-google/

This debate took off when the US Department of Justice sought to require Apple to help it open an encrypted iPhone belonging to one of the San Bernardino shooters. After Apple fought back in court, the FBI said it had obtained another way to access the phone.

Apple, Google and Motorola declined to comment on WikiLeaks’ claims. Samsung didn’t respond to a request for comment.

“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” said Moxie Marlinspike, the founder of Signal. “This story isn’t about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we’re doing is working.”

Telegram said on its website that the problem lies with operating systems and not encrypted messaging apps and that naming specific encrypted services is “misleading.” WhatsApp declined to comment.

+++++++++++++++++++++++++++++++
more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

1 2 3