Bitdefender: Organisations must empower IT staff to mitigate cyber threats

With the WannaCry ransomware and Petya malware attacks recently causing damage to organisations worldwide, even halting chocolate production at Cadbury’s Hobart factory, security firm Bitdefender has urged organisations to help their IT teams prepare for, and mitigate, future attacks.
According to Bogdan Botezatu, senior e-threat analyst at Bitdefender, organisations need to have mitigation in mind as it’s a matter of when an attack happens, not if.
Speaking with ZDNet while visiting Sydney from Romania, Botezatu said organisations first need to understand what type of security they need and not overlook any aspect, while also trying to see through the noise, such as marketing buzzwords and an over-saturated cybersecurity industry.
“An enterprise has a diverse range of technologies … all these are potential threats,” he explained. “It’s no use for you to have the best end-point security solution if your payment processor in the cloud is left open.”
Botezatu said a standard IT team finds itself constantly under fire, and it’s important that the responsibility doesn’t just lie with them.
“They have external attacks, they have users inside who need technical support — the IT team needs to always be on the lookout to help non-tech savvy departments ensure they don’t shoot themselves in the foot by opening [an executable] promising kittens,” he explained.
“They don’t have time to monitor 60 security solutions … because everything is on fire around them and their time needs to go to good use.”
With organisations, particularly in Australia, relying heavily on cloud-centric applications, most of an organisation’s infrastructure now lies outside the physical boundaries of its HQ. As a result, Botezatu said, many organisations are running security solutions built for on-premises protection, noting that those solutions don’t translate well into the virtualised world.
Despite claims that some organisations have employed services from over 80 security vendors, Botezatu said the majority of attacks start with some form of social engineering targeting an organisation’s employees.
To Botezatu, education is an organisation’s greatest defence mechanism.
“You need to encourage the user to adopt security best practices and to stay aware about what they’re allowed to do with company property,” he explained, noting it’s better to speak with them in order to prevent, rather than to punish.
“This is probably the most basic security measure … make them understand what you’re trying to achieve.”
Botezatu said that while educating the people within an organisation is free, in many organisations, the sentiment is falling on deaf ears.
“That’s one of the issues with the industry, that most of the IT workforce is mobilised to plugging phones into the infrastructure rather than getting some coffee time with people to understand what they are trying to protect the organisation against,” he said.
“Very few people would hazard to do stupid stuff on company resources if they knew they were harming the company, with the exception of disgruntled employees.
“People will lend you a helping hand to protect your organisation if you told them your organisation needs protecting, but usually, the IT guy comes among the masses saying, ‘hey guys, you know nothing about security, you need to do that, that, and that — otherwise I’m suspending you’.”
He said as an employee, individuals need to be a part of the cybersecurity effort, not trying to outsmart the IT guy who has disallowed access to Facebook.

“I’m still waiting for when the CIO will have a solid place at the board table,” he added. “It’s not happening and the finance department is pulling all the strings.”
Although estimations suggest an organisation should be spending 20 percent of its yearly revenue on cybersecurity-related initiatives or products, Botezatu said it’s rarely the case.
It’s a trend experienced globally, he added, especially in the public sector where the lowest bid always wins.

Voter Registration Data from 9 States Available for Sale on Dark Web

Nearly 10 million voter records sold for just $4 over the last few days, according to LookingGlass Cyber Solutions.

Threat intelligence company LookingGlass Cyber Solutions says it has discovered over 40 million voter records from nine different states being traded in an underground forum for stolen credit card data and login credentials.
The voter records being offered for sale include the voter’s full first, last and middle name, voter ID, birthdate, voter status, party affiliation, residential address and other details. The data belongs to voters in Arkansas, Colorado, Connecticut, Delaware, Florida, Michigan, Ohio, Oklahoma and Washington State.
Over the last two days, voter databases from at least two of the states—Arkansas and Ohio—were sold for a mere $2 each, or a total of $4 for almost 10 million voter records. That suggests financial gain is not the primary reason for the activity, according to LookingGlass.
‘Logan,’ the individual who has advertised the data and is selling it on a site called RaidForums, has hinted at possessing voter records for an additional 20 to 25 states, says Jonathan Tomek, director of threat research at LookingGlass Cyber Solutions.
Logan appears to have obtained the voter information through Freedom of Information Act (FOIA) requests, website requests, and also through social engineering them from states where an entity would otherwise be required to purchase the information, he says.
What makes his activities additionally illegal is his attempt to sell the data for purposes other than political ones, he noted. Many states prohibit republishing voter data or using it for commercial purposes. Violators can face fines and prison terms of up to five years.
“Logan is not affiliated with any group to our knowledge,” Tomek says. “We believe he is acting alone. I can say he is over 18, travels a bit internationally, and works for a cybersecurity company,” he says.

Tomek says LookingGlass does not have information on how many people might have purchased the voter information or what they might do with it. “We do know he is actively trading this information for other stolen items such as credit cards and login credentials,” he says. “The combination of the voter information plus the other data has potential to be very bad since the voter data contains birthday, home address, email, and full name.”
News of the sale of millions of voter records in an underground cyber forum comes amid an ongoing controversy over the Trump Administration’s push to get publicly available voter registration records from each state in connection with an inquiry into potential voter fraud in last year’s general elections. A Trump-appointed election integrity commission in fact met for the first time just last Wednesday to discuss next steps in the matter.
A total of 24 states have so far complied with the Trump Administration’s request for voter data. But the District of Columbia and 17 states have so far refused to hand over the data. Some groups like the American Civil Liberties Union (ACLU) have sued the Trump election commission citing voter suppression fears.
The Help America Vote Act (HAVA) currently requires all 50 states to maintain a central voter file in electronic format. The content and availability of the data in these files varies dramatically by state, as can be seen in this U.S. Election Project interactive map maintained by the University of Florida, Gainesville.
Some states make all the information they have in their voter files available to those eligible to view or purchase the data. Others withhold certain information like the voter’s Social Security Number, date of birth and driver’s license number. As PBS noted in a report last week, 19 states consider an individual’s full birth date to be part of the public record, while a voter’s race and party affiliation is considered public information in six states and 32 states respectively.
Currently, only registered parties, political committees, and candidates or their committees registered in all areas can purchase all available statewide voter data, according to the US Elections Project website. The total cost for a US citizen to purchase all available voter registration data for each state is around $126,500. Politically oriented non-profits, candidates, parties and their committees would pay around $136,000.
Hackers have lifted not only the social security numbers and personal information of half a million jobseekers in Kansas – but also records on more than five million people from nine other US states.
The compromised database belonged to the Kansas Department of Commerce. The server was set up by the department’s America’s Job Link Alliance-TS to power several state-sponsored job search websites where people upload their resumes and personal information for employers to peruse. Kansas was basically managing this service for 16 US states, although not all were hit in the security breach.
A Freedom of Information Act request by journalists has this month shed more light on the cyber-break-in: although the infiltration was discovered on March 12, and the systems were locked down two days later, only now is the full picture coming into focus, particularly the fact that millions of people are affected.
While the residents of Kansas took a serious hit – 563,568 of them had their info harvested – the good folks of Alabama suffered the most, with 1,393,109 people’s information compromised. Arizona had 896,370 people affected and 807,450 people in Illinois were exposed in the attack. In all, 5.5 million folks had their SSNs and personal data accessed; a further 805,000 just had their personal files exposed, according to state figures.
The full list of affected states in which SSNs were leaked is as follows: Arkansas, Arizona, Delaware, Idaho, Kansas, Maine, Oklahoma, Vermont, Alabama, and Illinois.
Kansas officials called in the FBI as soon as the intrusion was discovered and are now having to spend a pretty penny sorting out the mess. The state paid $235,000 to IT contractor firm SHI for the initial incident response, an unnamed amount to call-center operator Epiq to handle those affected, and $175,000 to lawyers Shook, Hardy and Bacon to cover the state’s ass legally.

Kansas has no data breach notification laws. The state has said it will give a year of free identity theft protection to those affected, further adding to the bill. The 236,134 people affected by the hack in Delaware will get three years of coverage, in line with that state’s laws.
To make life more complicated, Kansas officials say they don’t have the contact details for everyone affected, and have so far only sent out 260,000 emails to victims. El Reg is happy to help get the word out. ®

Hacker Admits to Mirai Attack Against Deutsche Telekom

A hacker that goes by the name “BestBuy” admitted to a German court on Friday that he was behind an attack last year that knocked close to 1 million customers of German ISP Deutsche Telekom offline.
The suspect is a 29-year old British man who is only identified as “Daniel K.” He was arrested Feb. 22 by the British National Crime Agency at the request of Germany’s Federal Criminal Police Office. Daniel K. pleaded guilty to masterminding the attacks that used Mirai malware to hijack routers, surveillance cameras and baby monitors and carry out denial of service attacks.
In November, a Mirai variant was blamed for a DDoS attack that took down nearly 1 million Deutsche Telekom DSL routers. The Deutsche Telekom attack was just one of many massive Mirai-related distributed denial-of-service attacks last year including one in October against DNS provider Dyn and one in September targeting security journalist Brian Krebs’ website.
At the time, the uptick in Mirai attacks was attributed to the fact that the Mirai source code had been made public and modified by several threat actors.
According to reports, Daniel K. admitted to creating a customized version of the Mirai malware, initially to target German customers of Deutsche Telekom. According to authorities, he also targeted UK ISPs, commandeering more than 100,000 routers. He has not been charged in relation to that attack.
German media is reporting that Daniel K. was allegedly paid about $10,000 by a Liberian telecommunications firm to carry out the DDoS attack against competitors.
In February, when Daniel K. was arrested, Cologne public prosecutor Dr. Daniel Vollmert told Sky News that the hacker faced a charge of attempted computer sabotage. If charged in Britain, Daniel K. could face a 10-year jail sentence if convicted, the report stated. German prosecutors had alleged the man offered to sell the botnet over the dark web as a DDoS service, Sky News reported.
While the hacker’s identity is being shielded, Krebs believes Daniel K. or BestBuy is likely a U.K. man named Daniel Kaye. By tracing registration data associated with domain names used to coordinate the activities of the Mirai botnet, Krebs believes BestBuy is not only Daniel Kaye, but also the hacker behind the remote access Trojan GovRAT. “The trojan (GovRAT) is documented to have been used in numerous cyber espionage campaigns against governments, financial institutions, defense contractors and more than 100 corporations,” Krebs wrote in a post earlier this month.
“Mirai was initially able to create the devastating and record-breaking attacks that were observed against the security blog ‘Krebs on Security’ as well as hosting company OVH and ISP Dyn because there were only a few variants that were competing for a large pool of vulnerable devices,” wrote Flashpoint in November. “After the source code for Mirai and its exploitation vector were released on hackforums[.]net, the situation changed dramatically and the number of independent Mirai operators attempting to exploit the same IoT device pool subsequently increased.”
Flashpoint said after the initial waves of attacks, a turf war ensued, and subsequent attacks were smaller. In February, a variant of the Mirai malware targeted a U.S. college with a marathon 54-hour long attack.

In April, an unknown white hat hacker was responsible for creating the Hajime IoT botnet and Hajime malware that had a mission to secure IoT devices vulnerable to the notorious Mirai malware.

Microsoft is building a better HoloLens with a new chip focused on machine learning

Microsoft’s HoloLens may have largely faded from public view, but that doesn’t mean Microsoft has halted development on it. On Sunday, Microsoft researchers disclosed that HoloLens development is moving ahead, with a new chip that emphasizes machine learning.
Specifically, Microsoft said the next generation of its Holographic Processing Unit, or HPU, will support Deep Neural Network processing, with an emphasis on artificial intelligence, or AI. The AI in question isn’t necessarily Cortana, but simply the way that the HoloLens recognizes the real world.
Harry Shum, executive vice president of the Artificial Intelligence and Research Group, recently showed off the second version of the HPU. The chip, designed by Microsoft, will be totally programmable, the company said.

Microsoft’s HPU is one of the signature features of the HoloLens, responsible for processing all the information coming from the device’s sensors, including the movement-tracking sensor, the time-of-flight sensor, the inertial measurement unit, and the infrared camera.
Another key aspect is that it’s totally self-contained. Because the HoloLens is untethered, it can’t depend on a PC for its processing power. The HPU is its brains. 
What this new HPU will actually recognize is not quite clear. Microsoft’s current HPU—and by extension, HoloLens—does a nice job of recognizing surfaces and edges and projecting virtual objects on top of them. Whether Microsoft can begin to interpret what those real-world objects are remains to be seen.
Why this matters: We still don’t know whether HoloLens will ever make it into the mass market, or remain a sort of semi-shadowy tech for specialized businesses. Microsoft hasn’t said when the next-generation HPU will ship, nor whether an entirely new HoloLens will be built around it. What does seem to be happening, though, is that companies are beginning to rethink augmented reality. Google basically buried Google Glass for several years, then recently resurfaced it as a business tool—the same market Microsoft originally targeted with the HoloLens, incidentally.
As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats.

Inappropriate Access to Patient Records Spanned 14 Years

Inappropriate access to electronic patient records by a clerk for 14 years at a state-run psychiatric facility in Massachusetts shows just how difficult it can be to detect and prevent long-term breaches involving insiders.
“These are the hardest cases to detect if you are still trying to audit manually or with a tool that only looks for compliance violations,” says Mac McMillan, president of the security consultancy CynergisTek. “This is the kind of incident that demonstrates the need for behavioral-based monitoring that is capable of sorting through so much more data to identify inappropriate activity.”
Victim Count
In a notice posted Friday on its website, the Massachusetts Department of Health and Human Services, which operates Tewksbury Hospital, says a former hospital employee “without good reason” accessed the records of patients for more than a decade.
“Individuals who may be affected include people who were patients at Tewksbury Hospital from 2003 through May 2017,” the statement says. Approximately 1,100 patients were impacted by the records snooping.
The health department says it’s providing written notice to affected patients in addition to posting the notice on its website.
The 370-bed Tewksbury Hospital includes approximately 220 beds for “complex chronic” medical adult patients who reside in seven inpatient units, and 150 for psychiatric clients in five inpatient units. The hospital also accommodates offices for five state agencies.
Breach Discovery
The breach was discovered in April when a former patient expressed concern that someone may have accessed their electronic medical record inappropriately, the health department’s notice says.
“A review conducted in response to this complaint revealed that one hospital employee appeared to have accessed the former patient’s records without a good reason to do so. This discovery led to a broader review of the employee’s use of the electronic medical records system at Tewksbury Hospital,” the statement says. “As a result of this review, we were able to determine that the employee appeared to have inappropriately accessed the records of a number of current and former Tewksbury Hospital patients.”
The information that was inappropriately viewed included names, addresses, phone numbers, dates of birth, diagnoses and other information about medical treatment at Tewksbury Hospital. For some individuals, it may also have included a Social Security number.
The health department says that so far, it has discovered no evidence that any of that patient information was misused. But it’s advising affected individuals to “order a credit report and review it for any signs of fraud on any accounts.” It is not offering free credit monitoring.
Steps Being Taken
The department declined to comment on how the former patient who complained about inappropriate access by the hospital worker discovered the breach. “We are not providing details due to patient confidentiality,” says the department in a statement provided to Information Security Media Group.
While the employee at the center of the case is no longer working at the hospital, the department of health declined to comment on whether the worker was terminated. “State law prohibits us from disclosing any information related to personnel matters,” the department says.
“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” the department says in the statement provided to ISMG. “We are also re-assessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”
Common Problem?
While incidents that involve insiders accessing hundreds or even thousands of patient records over a brief period of time potentially raise red flags, some experts say it can be trickier to detect insiders who inappropriately access smaller numbers of patient records over longer stretches of time.

“This unfortunately happens all the time as we have organizations who have not recognized the investment in privacy monitoring they must take to avoid this activity or have not embraced their responsibility to put effective controls in place,” says McMillan of CynergisTek.
Privacy attorney Kirk Nahra of the law firm Wiley Rein notes: “We have seen a broad variety of cases involving insider misuse. While companies need to pay a lot of attention to this issue, it is also very hard to stop entirely. As in this case, it is critical not only to try to stop this from occurring, but, recognizing how hard that is, companies need an effective way to investigate issues or review potential problems.”
Organizations need to be very alert for indications of potential security problems and act quickly to address them, Nahra says. “Here, there is no clear indication of why this was happening. If an individual hospital worker simply looks at records, very occasionally, it is virtually impossible to prevent – except through means that may make it too hard to operate the business,” he says. “It is analogous to a situation you see a lot involving healthcare fraud – it is easy to steal a little over a long time. The people who get caught try to steal too much too soon.”
Kate Borten, president of privacy and security consulting firm The Marblehead Group, says insider snooping remains a big problem for many healthcare entities. “While other industries subject to insider snooping have been able to implement certain controls, this is elusive and challenging for provider organizations,” she says.
“No software algorithm can accurately predict when a user needs to access a patient record for work-related reasons. Snooping may become less common with more sophisticated software and processes and with more serious attention to sanctions,” she notes. Also, all organizations should limit access permissions to the least necessary, she says.
McMillan suggests that the use of some advanced monitoring software can help detect many smaller incidents before they grow into bigger breaches.
Healthcare entities should consider investing in “a behavioral-based monitoring solution or managed privacy monitoring service capable of detecting even small deviations from appropriate activity more proactively providing early warning so the right actions can be taken to stop it,” McMillan says. “The beauty of behavioral-based monitors is that they don’t care if it is just once – if it is not appropriate, they report.”
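The contrast McMillan draws, between a volume threshold and a monitor that reports a single inappropriate access, can be shown on constructed audit data. This is an added example, not CynergisTek’s or any vendor’s code; the log format, user names, patient ids and the care-relationship table are all invented here.

```python
"""Why a volume rule misses fourteen years of snooping and a relationship rule does not.

Added example, not CynergisTek's or any vendor's code. The audit-log format, user
names, patient ids and the care-relationship table are all constructed here.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed: patients each user has a documented clinical or administrative
# reason to open. A real deployment would derive this from scheduling, unit
# assignment and billing data.
CARE_RELATIONSHIPS = {
    "nurse_a": {"P001", "P002", "P003"},
    "clerk_x": {"P001"},
    "temp_z": set(),
}


def make_sample_log():
    """Constructed EHR audit lines: '<ISO-8601 timestamp> user=<u> patient=<p>'."""
    lines = []
    # clerk_x: one record outside any care relationship roughly every 90 days,
    # from 2003 until May 2017, the low-and-slow pattern the article describes.
    t, n = datetime(2003, 1, 15, 10, 0), 0
    while t < datetime(2017, 6, 1):
        lines.append(f"{t.isoformat()} user=clerk_x patient=P{100 + n:03d}")
        t, n = t + timedelta(days=90), n + 1
    # nurse_a: a busy but legitimate shift, 30 views of assigned patients in 5 hours.
    t = datetime(2017, 5, 2, 7, 0)
    for i in range(30):
        pid = ("P001", "P002", "P003")[i % 3]
        lines.append(f"{(t + timedelta(minutes=10 * i)).isoformat()} user=nurse_a patient={pid}")
    # temp_z: a bulk pull of 40 unrelated records within one hour.
    t = datetime(2017, 5, 3, 23, 0)
    for i in range(40):
        lines.append(f"{(t + timedelta(minutes=i)).isoformat()} user=temp_z patient=P{300 + i:03d}")
    return lines


def parse(lines):
    """Parse audit lines into (timestamp, user, patient) tuples, oldest first."""
    events = []
    for line in lines:
        ts, user_kv, patient_kv = line.split()
        events.append((datetime.fromisoformat(ts),
                       user_kv.split("=", 1)[1], patient_kv.split("=", 1)[1]))
    return sorted(events)


def volume_alerts(events, threshold=20, window=timedelta(hours=24)):
    """Conventional rule: users who open more than `threshold` records within `window`."""
    flagged, recent = set(), defaultdict(deque)
    for ts, user, _patient in events:
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop accesses that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(user)
    return flagged


def relationship_alerts(events, relationships):
    """Behaviour-based rule: every access to a patient the user has no documented
    relationship with is reported, even if it is the only one that year."""
    return [(ts, user, patient) for ts, user, patient in events
            if patient not in relationships.get(user, set())]


def summarize(alerts):
    """Per user: how many unexplained accesses and how many days they span."""
    by_user = defaultdict(list)
    for ts, user, _patient in alerts:
        by_user[user].append(ts)
    return {u: {"count": len(ts), "span_days": (max(ts) - min(ts)).days}
            for u, ts in by_user.items()}


if __name__ == "__main__":
    events = parse(make_sample_log())
    # The volume rule flags the busy nurse (false positive) and the bulk puller,
    # but never the clerk; the relationship rule flags the clerk and the bulk
    # puller and leaves the nurse alone.
    print("volume rule flags:", sorted(volume_alerts(events)))
    for user, s in sorted(summarize(relationship_alerts(events, CARE_RELATIONSHIPS)).items()):
        print(f"relationship rule: {user}: {s['count']} unexplained accesses over {s['span_days']} days")
```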

Snopes is in danger of closing its doors due to a business dispute

The fact-checking site Snopes was founded in a more innocent time, 1994, by Barbara and David Mikkelson. At that time, its primary mission was researching urban legends. Since then, it has become one of the most popular fact-checking websites, especially as the Trump administration has continued its assault on facts under the rubric “fake news.”

The site now has a page pointing to a site called SaveSnopes, which claims it is “in danger of closing its doors. So, for the first time in our history, we are turning to you, our readership, for help.” The reason? The free-to-use Snopes site has no sponsors, outside investors, or funding. Its only source of revenue is online advertising. But that funding stream has been cut off.
“Unfortunately, we have been cut off from our historic source of advertising income,” explains Snopes. “We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage.”
Snopes staff, led by David Mikkelson, continue to “maintain editorial control (for now),” but, the site says, “the vendor will not relinquish the site’s hosting to our control, so we cannot modify the site, develop it, or — most crucially — place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us.”
Who is this outside vendor? Snopes doesn’t say. The internet whois utility reveals only that the site’s web registry information is hidden by Perfect Privacy, a domain privacy site.
ZDNet has asked Snopes for clarification on who this vendor is and further details on the dispute, but it has not received a reply as of yet.
However, according to a lawsuit filed on May 4, 2017, by Proper Media, a media company, against Snopes’ parent company, Bardav, Barbara Mikkelson sold her 50-percent equity in Bardav to Proper Media in July 2016, after a contentious divorce. Further, the suit alleges, “Defendant David Mikkelson (“Mikkelson”) has engaged in a lengthy scheme of concealment and subterfuge to gain control of the company and to drain its profits.”
The suit stated Proper Media was “already managing a significant amount of the operation of Snopes.” A Proper Media minority owner, Vincent Green, then allied himself with David Mikkelson. Since then, Proper Media claims, “Mikkelson conspired with Green to block Proper Media’s access to the personnel, accounts, tools, and data necessary to manage Snopes.”
Proper Media goes on to state that under its General Services Agreement with Bardav, it is “responsible for managing all content and advertising accounts for Snopes.” The lawsuit also accuses David Mikkelson of misusing Bardav funds for legal fees related to his divorce and travel expenses from when he went on a honeymoon to Asia in late 2016 with his new bride — Snopes employee Elyssa Young.
In a statement, Bardav replied it “recently terminated an agreement for Proper Media to provide development and ad tech services to the Snopes.com website. This baseless lawsuit was filed just before the effective date of the termination and appears to be an effort by Proper Media to retaliate against Bardav for that termination and to impede the company’s plans to transition from Proper Media to a new services provider.”
It appears, practically speaking, Proper Media controls the site and has cut Bardav’s access to all its services except the content management system.
In its plea for money, Snopes doesn’t mention the lawsuit. Instead, it says: “Having been cut off from all revenue, we are facing the prospect of having no financial means to continue operating the site and paying our staff (not to mention covering our legal fees). Snopes is asking the community to donate what they can.”
Snopes is raising money using GoFundMe. SaveSnopes’s goal is $500,000. In its first four hours, Snopes had raised over $50,000 from just under 2,000 donors. This funding campaign was started by David Mikkelson.
The Save Snopes site is not hosted on the main Snopes servers. Its domain registry information is hidden by another domain-privacy company: Contact Privacy.
Donations are not tax-deductible as a charitable contribution. The Save Snopes page promises that “all funds will be allocated in their entirety to operating expenses, legal fees, and the continuation of our overall mission to fight misinformation.”
Hundreds of companies expose PII, private emails through Google Groups error

A small settings error has resulted in the exposure of confidential business emails and employee data, researchers have warned.
On Monday, RedLock revealed in a blog post that companies including IBM’s Weather Company, Fusion Media Group — the parent firm of companies including Gizmodo, The Onion, and Lifehacker — as well as helpdesk support service provider Freshworks and video ad platform SpotX were affected by the security issue.
According to the team, “hundreds” of Google Groups have publicly exposed messages containing sensitive information belonging to such companies, all because of a customer-controlled configuration error in the service.
Google Groups is used by companies as a collaborative tool and communication platform. Email-based groups are used to maintain communication and control messages between teams, but when these groups are created with the “public on the Internet” sharing setting rather than “private” through the “Outside this domain — access to groups” tab, messages sent between members can be viewed publicly without the requirement of being a member of the group. RedLock researchers found that email addresses, email content, personally identifiable information (PII) including employee salary compensation, sales pipeline data, customer passwords, names, and home addresses at hundreds of companies were left online for the world to see.
Screenshot images viewed by ZDNet verified the exposure of information belonging to Fusion Media Group and SpotX which included email messages, contact details, and personal discussions between executives and staff.
While not a security vulnerability in itself and rather a feature of Google Groups which can prove useful to some, this incident shows that a simple oversight of one setting can potentially have devastating effects for businesses.
Should this corporate information be utilized, corporate accounts could be hijacked, information could be mined for phishing attacks, and sensitive conversations not suitable for the public sphere could be leaked.
To prevent such a mass exposure of private corporate data once again being left for anyone on the Internet to see, RedLock recommends that companies immediately check their Google Groups settings to make sure the setting “Outside this domain — access to groups” is switched to “private.”
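Checking that setting by hand across hundreds of groups is exactly the “simple oversight” the article describes, so here is an added audit, not RedLock’s or Google’s code, that grades a group’s sharing settings and shows the hardened form beside the weak one. The field names and values (whoCanViewGroup, whoCanPostMessage, allowExternalMembers, isArchived) follow the Google Groups Settings API as I know it and should be treated as assumptions to verify against the current reference; the group records are constructed so the audit runs offline.

```python
"""Audit Google Groups sharing settings for public exposure of messages.

Added example, not RedLock's or Google's code. Field names and values are
assumed from the Google Groups Settings API; in production the dicts would
come from groupssettings.groups().get(), here they are constructed records.
"""

# whoCanViewGroup values and their admin-UI meaning (assumed mapping).
PUBLIC_VIEW = "ANYONE_CAN_VIEW"         # "Public on the Internet"
DOMAIN_VIEW = "ALL_IN_DOMAIN_CAN_VIEW"  # anyone signed in to the organisation
MEMBER_VIEW = "ALL_MEMBERS_CAN_VIEW"    # "Private": members only

SAMPLE_GROUPS = [  # constructed records; addresses are invented
    {"email": "sales-pipeline@example.com", "whoCanViewGroup": PUBLIC_VIEW,
     "whoCanPostMessage": "ALL_MEMBERS_CAN_POST", "allowExternalMembers": "false",
     "isArchived": "true"},
    {"email": "support@example.com", "whoCanViewGroup": DOMAIN_VIEW,
     "whoCanPostMessage": "ANYONE_CAN_POST", "allowExternalMembers": "false",
     "isArchived": "true"},
    {"email": "exec-team@example.com", "whoCanViewGroup": MEMBER_VIEW,
     "whoCanPostMessage": "ALL_MEMBERS_CAN_POST", "allowExternalMembers": "false",
     "isArchived": "true"},
]


def audit_group(settings):
    """Return (severity, message) findings for one group's settings dict."""
    findings = []
    email = settings.get("email", "<unknown>")
    view = settings.get("whoCanViewGroup")
    archived = settings.get("isArchived") == "true"
    if view == PUBLIC_VIEW:
        # The case in the article: a public group that keeps its archive exposes
        # the whole message history, not just new traffic, so rate it higher.
        sev = "HIGH" if archived else "MEDIUM"
        findings.append((sev, f"{email}: messages readable by anyone on the Internet"))
    elif view == DOMAIN_VIEW:
        findings.append(("LOW", f"{email}: messages readable by every account in the domain"))
    if settings.get("whoCanPostMessage") == "ANYONE_CAN_POST":
        findings.append(("INFO", f"{email}: anyone can post; expected only for intake groups"))
    if settings.get("allowExternalMembers") == "true" and view != MEMBER_VIEW:
        findings.append(("MEDIUM", f"{email}: external members allowed on a non-private group"))
    return findings


def audit_all(groups):
    """Findings for every group, most severe first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    results = [f for g in groups for f in audit_group(g)]
    return sorted(results, key=lambda f: order[f[0]])


def harden_visibility(settings):
    """Copy of the settings with the one change the article recommends: private
    visibility. Posting policy is left alone because intake groups such as a
    support address legitimately accept mail from outsiders."""
    fixed = dict(settings)
    fixed["whoCanViewGroup"] = MEMBER_VIEW
    return fixed


def exposure_fixed(settings):
    """True when no readability finding remains after hardening."""
    return not any("readable" in msg for _, msg in audit_group(harden_visibility(settings)))


if __name__ == "__main__":
    for sev, msg in audit_all(SAMPLE_GROUPS):
        print(f"[{sev}] {msg}")
    print("all exposures fixed after hardening:", all(exposure_fixed(g) for g in SAMPLE_GROUPS))
```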
“Simple misconfiguration errors — whether in SaaS applications or cloud infrastructure — can have potentially devastating effects,” said Varun Badhwar, CEO and co-founder of RedLock. “Recent data leaks at companies such as Deep Root Analytics, WWE, and Booz Allen Hamilton have demonstrated the impact these simple errors can have.”
“In today’s environment, it’s imperative that every organization take steps to educate employees on security best practices and leverage tools that can automate the process of securing applications, workloads and other systems,” Badhwar added.
Earlier this month, extramarital affairs website Ashley Madison offered users caught up in a data breach $11 million in compensation. However, holders of the estimated 36 million accounts involved in the data leak will have to prove they owned their accounts and have experienced losses because of the incident.