...in another new analysis, IBM warns that teleworkers are especially vulnerable to attack.
“There is a level of apathy and a lack of awareness when it comes to securing the home office environment....they’re seeing double the failure rates on their security tests than they saw pre-COVID,” warns Mathew Newfield, Chief Information Security Officer at Unisys...
“This unprecedented remote working explosion amounts to a dramatic game changer for corporate security officers and cyber attackers,” says Patrick Barry, Chief Information Officer at Rebyc Security.
“Corporate cyber security strategies, policies, penetration testing procedures, and technologies need to be reconsidered and reevaluated and, in many cases, revamped.” more
Showing posts with label business. Show all posts
Friday, June 26, 2020
Monday, June 15, 2020
Industrial Espionage Case: U.S. Company Awarded $3.36 Million
United Microelectronics Corp. (UMC), Taiwan's second largest pure wafer foundry operator, has been ordered to pay a fine of NT$100 million (US$3.36 million) by a district court in Taichung City which found the company and three of its employees guilty in a trade secret theft case brought by U.S.-based memory chipmaker Micron Technology Inc...
Prosecutors launched a probe into the alleged industrial espionage in February 2017 and decided to charge UMC and the three UMC employees in September, citing violation of Taiwan's Trade Secrets Act for sharing the information with Jinhua. more
Monday, June 8, 2020
Lawsuit Disputes Google's Private or Incognito Mode
Search engine behemoth Google found itself in the middle of a proposed class action lawsuit filed in California for invading the privacy of users even when they are browsing the web in what is called the private or incognito mode.
The $5 billion class action suit alleges that the tech giant collects users' data by tracking their activity on the web even in the private mode through Google Analytics, Google Ad Manager and website plug-ins, a Reuters report said.
Users normally log in through the incognito mode assuming that it's safe as their search history isn't being tracked. The petitioners have alleged that Google collects the private data even as the users are under the impression that their data is safe and that amounts to misrepresentation. more
Frederick Barclay’s Nephews Thought Bugging Ritz was ‘Necessary and Reasonable’
Sir Frederick Barclay’s nephews bugged the conservatory of the Ritz hotel after becoming “seriously concerned” about the billionaire property magnate “posing a significant risk of harm” to the family business, according to documents lodged with the High Court.
The 85-year-old businessman is involved in a bitter High Court battle with three of his twin brother Sir David’s sons over 94 hours of secret recordings made over a number of months as part of what his lawyers have described as “commercial espionage on a vast scale”.
Sir Frederick and his daughter Amanda are suing Alistair, Aidan and Howard Barclay, Aidan’s son Andrew, and Philip Peters – a director of a number of companies in the Barclay Group – after the “elaborate system of covert recording” was discovered in January.
Last month, Sir Frederick released footage appearing to show his nephew Alistair handling a listening device which is said to have been used to capture more than 1,000 separate conversations. more
Wednesday, May 27, 2020
Data Breach Report: 28% Involved Small Businesses
Almost a third or 28% of data breaches involved small businesses. The data comes from one of the most acclaimed cybersecurity reports in the industry, the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR).
Currently in its 13th year, the DBIR is an industry standard when it comes to gauging the state of cybersecurity around the world...
With small businesses making up 28% of the breaches, owners have to be more proactive in protecting their digital presence. Whether it is an eCommerce site, blog, V-log, podcast, or other digital assets, you have to protect your domain. This not only ensures your data is safe, but also gives you one more tool you can use to attract new customers: robust security. more
Wednesday, May 20, 2020
Alliance Trust Savings Censured After Whistleblower’s ‘Spying’ Concerns
A Dundee-based financial firm has been censured by the Information
Commissioner over the use of a mobile app which allowed it to access an
“excessive amount” of employees’ sensitive personal data...
Alex Forootan, 36, began investigating after receiving an unexpected text message from Microsoft saying someone had attempted to access his email account.
Mr Forootan worked as a database administrator at ATS’s Dundee headquarters between October 2017 and October last year and is set to take the company to an employment tribunal next month.
He recently rejected a £10,000 pay out from ATS over the issue, citing concerns about his ability to raise it to public attention should he accept. more
Regulator Asks for Credit Suisse Directors' Mobile Data in Spy Inquiry
Swiss regulators have requested electronic messaging data from the
mobile phones of several Credit Suisse managers and supervisory board
directors as part of a probe into spying at the bank, three people
familiar with the matter said. more
ADT Employee Had Access to Hundreds of Home Security Camera Streams, Lawsuit Alleges
Hundreds of ADT customers are suing the home-security firm after it admitted that a former employee gained unauthorized access to their systems over the last several years—including the live video streams of their in-home cameras.
Two federal class-action lawsuits have been filed on behalf of the customers, The Dallas Morning News reports.
The employee was able to add his email address to customers’ accounts during home-service visits, according to the company. With his email address added to the accounts, he was then able to use the company’s mobile app to snoop on in-home security cameras.
“Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party,” the lawsuits state. “And worse, those moments could have been captured, shared with others, or even posted to the internet.”
ADT reportedly fired the employee after discovering the abuse, and said it brought in measures to prevent a similar incident from taking place in the future. more
Monday, May 18, 2020
Leaked Phone Call Uncovers Possibly Moldy Marijuana | Fact or Business Espionage Trick?
An audio recording of a detailed phone conversation between two people in the Alaska marijuana industry surfaced on YouTube this week, posted by an account that goes by the name of “Bobb Dogg.”
The conversation cannot be confirmed as legitimate, and could even be business espionage...
In the audio, a person who appears to be a manager of one of Anchorage’s largest marijuana stores admits that his company sold 100 pounds of possibly moldy marijuana, and that CBD oil that was supposed to have a low psychoactive level of THC was found to, in fact, contain high amounts...
The video can be viewed by searching for Bobb Dogg on YouTube. The audio is labeled “Weedileaks.” more
Friday, May 15, 2020
Assembling an Ikea Spy Case
Ikea and some of its former executives were ordered to face trial in
France over accusations they conspired with police officers to spy on
staff.
An Ikea unit in France was accused of collecting information on employees and people applying to work for the furniture giant, according to an indictment dated April 30.
In exchange for a fee, police officers provided confidential information to former Ikea executives on past convictions.
This was in turn used to dismiss staff or turn down applications.
Ikea France said it has “always firmly disapproved” of such practices. more
Friday, May 1, 2020
Eavesdropper Scams Financial Advisor | Prevention Tips
Early in April, a financial advisor and her team met with an insurance company wholesaler via the video conferencing platform Zoom.
Unbeknownst to them, another participant had joined the virtual meeting.
As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.
...It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.
After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker. more
———How to prevent Zoombombing in your video chats in 4 easy steps———
1. Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.
2. Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. Like many other privacy functions, a skillful disrupter can sometimes bypass this control, but it helps to put another hurdle in their route to chaos.
Zoom offers a support article here as well. To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.
3. Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure -- see below). Then disable screen-sharing for nonhosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats...
4. Once the meeting begins and everyone is in, lock the meeting to outsiders ... and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting. more
Wednesday, April 29, 2020
'Zoom-bombed' | Salary Cuts Call Eavesdropped on by Rival Company
Mark Di Stefano, a reporter with the Financial Times, allegedly entered meetings held over the video conferencing app by the Independent and the Evening Standard.
Stefano, according to the Independent, brazenly joined the meeting by using his work email address. This caused Stefano’s name to appear on the call, although his camera remained disabled.
The journalist reportedly joined for 16 seconds before logging out but returned soon after by logging in with his phone number.
Not long after the call, Stefano sent out a series of tweets describing topics that the Independent says were discussed during the staff meeting.
Stefano described information on everything from pay cuts to the outlet’s issues with falling ad revenue. more
Related News...
DHS Reportedly Concerned Zoom May be Vulnerable to Foreign Spies
The feds are concerned that Zoom’s security flaws could make the popular videoconferencing platform vulnerable to foreign spies, a new report says.
An intelligence analysis from the Department of Homeland Security found that Zoom’s explosive growth and its well-known security problems make it a “target-rich environment” for government spy services and other hackers, ABC News reported Tuesday.
“Any organization currently using — or considering using — Zoom should evaluate the risk of its use,” the department warned in the analysis, which was reportedly distributed to law enforcement agencies around the US. more
...and much more.
Monday, April 20, 2020
7 Espionage Tricks to Avoid While Working From Home
Don't get tricked into giving away personal information.
Why? Because this is what you use for your passwords.
- Facebook Quizzes
Quizzes are all over Facebook: What does your eye color say about you? What kind of dog are you according to your zodiac sign? (Facebook says these were questions the criminals used.)
- 10 Things About You
As people try to connect during the stay-at-home order, they are answering cut-and-paste questionnaires from their friends. They usually start with something like “Tell me 10 things I don’t know about you” and go on to ask questions like: Who was your first love? ... Here's the problem: those are the exact same questions asked when you forget your password. So, be wary of posting the answers on social media.
- Posting Information about Your Passwords
People are posting all sorts of information about what’s going on at their homes with their children or with their pets. That’s fine, unless they use those same names as their passwords.
- Photos of the Home Work Station
At this point, people are pretty proud of their work from home stations. They have a new webcam, a makeshift desk, and maybe even a good microphone. But posting photos of that home work station might give criminals too much information. Can someone see the screen from a window? Are they giving away the brands and models of their IoT devices (which might or might not have exploitable vulnerabilities)?
- Clicking Questionable Links
There are a lot of questionable links on the internet. Users should be wary of sites they don’t recognize. While this is rudimentary advice, it’s a good reminder that the headline “New Pandemic Cure No One Is Talking About” likely leads to a malicious site.
- Be Aware of What’s Public
Savvy users have changed their Facebook and Instagram profile settings to make them more private. But as soon as you post to a group or comment on someone’s post without strong privacy settings, folks outside your friend's group can see what you’re doing. And, other sites like Twitter and Reddit are not generally private. more
Sunday, April 19, 2020
"The Warehouse" by Rob Hart (book)
"A chilling and all-too-believable portrait of a not-so-far-off future where free will succumbs to big business."--Alafair Burke, New York Times bestselling author of The Better Sister
more
Office Printers: The Ticking IT Time Bomb
Unsecured printers are one of the items on our inspection checklist. Why? Because it is a very common problem. Normally buttoned-up networks put out a hacker welcome mat with just one unsecured printer. ~Kevin
Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.
Hackers haven’t forgotten about printers – not by a long shot. Last summer, a Russian hacker group penetrated numerous organizations by first infiltrating unprotected printers, which were connected to the same network as every other device, and then laddering up to exploit increasingly sensitive areas.
Furthermore, according to a recent report, foreign governments can also easily conduct industrial espionage by targeting this under-the-radar beachhead into the organizational networks...
Using third parties to continually help identify security risks is a smart course of action for enterprises that are truly serious about security measures. more
Managers: Don’t Rush to Workplace Spyware during Pandemic
A Rutgers organizational psychologist explains ramifications of putting spy software in place.
With millions of employees working remotely due to the coronavirus pandemic, managers—likely new to virtual management—are scrambling to find the best ways to oversee them online.
Computer performance monitoring may interest those looking for “an extra set of eyes,” but workplace surveillance is not that simple, according to John Aiello, an expert in organizational psychology at Rutgers School of Arts and Sciences. “While spy software may relieve the manager’s anxieties, organizations will see an increase in stress on employees and it could decrease productivity,” said Aiello, who has researched the electronic monitoring of workers over the last three decades.
Topics addressed...
How does monitoring software affect productivity?
How does implementing this surveillance affect managers?
Can electronic monitoring be used for “the greater good?”
If employers are thinking about implementing this surveillance, what might be done first?
more
Thursday, April 16, 2020
Gad Zoox - Tesla Settles Trade Secret Theft Law Suit
Zoox Inc. said on Tuesday it had settled a lawsuit with Tesla Inc. after admitting that some new hires from the electric carmaker were in possession of certain Tesla documents when they joined the U.S. self-driving car startup.
Tesla lawyers filed a lawsuit in March last year against four former employees and Zoox, alleging the employees stole proprietary information and trade secrets for developing warehousing, logistics and inventory control operations.
Zoox said the settlement required it to pay Tesla an undisclosed amount and undergo an audit to ensure that none of its employees had retained or are using Tesla's confidential information. more
Zeroing in on Zoom’s Threat to Financial Services
COVID-19 has induced a significant shift in the way we work. Remote is the new reality.
There may be, however, a tremendous cost to Zoom’s convenience... For many, Zoom has been the answer to staying connected in the workplace.
Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade.
In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties’ control.
In recent weeks, New York Attorney General Letitia James has probed Zoom’s data security strategy, and whether the company’s security protections can keep up with the spike in users. It is also our understanding the FBI, among other federal government agencies, has also prohibited the use of Zoom and WebEx due to security concerns. more
Suit Claims Facebook, LinkedIn Eavesdropped on Zoom Calls
More Zoom news.
Business Espionage - You Staying in Jail
U.S. District Judge Ronnie Greer Wednesday temporarily stayed – or
postponed – the pretrial release of Xiorong “Shannon” You, a 56-year-old
Chinese-born chemical engineer accused of stealing $17 million in trade
secrets from Eastman Chemical Company and more than $100 million more
while working for Coca-Cola in Atlanta, according to court documents. more
Wednesday, April 15, 2020
Corporate Privacy & Information Security Challenges from Covid-19
This is an excellent information security article written by a respected colleague. ~Kevin
via Charles Patterson - Exec Security
The CoVid-19 response has had serious and often devastating effects on individuals and businesses throughout the world... But there are a number of side-effects from this, many of which affect privacy and information security...
Company offices may be left mostly empty with a skeleton crew, and access being granted to maintenance staff or a few lone employees who may still be carrying out basic operations or some who may have just needed to return to pick up something from their desk to help them work better from home. This means the employees, cleaners, and other staff will be largely unsupervised and may have easy access to areas not normally permitted...
When reviewing your security during this period, here are some very important points to consider:
- How secure was your facility during the down time?
- Note what areas were weakened, where was less manpower deployed?
- Who continued to have access?
- What types of staff were still given access? Were employees still allowed back in?
- Were any private or classified areas left open and unattended?
- Pay particular attention to board rooms, conference areas, and C-suites. Look for any signs of unauthorized activity.
- What incidents may have occurred during the period?
- Review logs of any security incidents, look for any correlations that could indicate suspicious activity.
- Were there any areas accessed by unauthorized personnel?
- Investigate thoroughly any reports of employees found in unauthorized areas.
- Did any break-ins or vandalism occur?
- Security breaches or other incidents could be used as a cover for actual espionage activity. If a break-in or theft was reported, pay attention to any nearby areas that may have been accessed as well.