By Cyrus Vance Jr.
Baker McKenzie partner Cyrus Vance, the former Manhattan District Attorney, analyzes some high-profile cyber attacks and offers advice to governments and companies on how to combat digital crimes against industry and agencies.
Last month, San Francisco’s Bay Area Rapid Transit, California’s largest transit system, suffered a ransomware attack that exposed highly sensitive data from the agency’s own police department.
Vice Society, the prolific ransomware group that claimed responsibility for the attack, stole everything from master employee lists to crime lab reports and made them public, putting lives at risk. This was just the latest in a long list of cyber attacks targeting transit systems and national infrastructure, and it certainly won’t be the last.
During my 12 years as Manhattan District Attorney, I witnessed the harmful effects of cybersecurity threats. Cybercrime in New York City impacts massive financial institutions, retailers, and infrastructure providers every day. These entities are attractive targets of cybercriminals, whether for financial or political reasons.
When an organization is attacked, it’s hard to know the source—could it be a nation state, a cybercrime group, or someone from within the organization? Nation-state actors and their proxies are constantly re-branding and re-inventing to avoid detection.
That said, though nation-state actors tend to cause the most damage, over 80% of cyberattacks are carried out by private actors.
Beyond the financial risk to businesses and individuals, cybercrime is a grave threat to our national security, with critical infrastructure targeted more and more every day.
Every zero-day exploit—a vulnerability in a system that has no known fix—represents an opportunity for an enemy to intercept sensitive communications, steal valuable intellectual property, and cripple the systems that keep us safe: power, water, nuclear, hospitals, and more.
Cyber crime is not just about extracting money or data. These attacks diminish trust in our most important institutions and sow fear and uncertainty, which is one of the principal goals of our adversaries.
A look at some of the biggest cyber events of 2022 drives this home. There has been an explosion of digital extortion. Hacking ransomware group Lapsus$ leaked sensitive data from victims including the world’s leading technology companies.
Costa Rica’s government was brought to a standstill by Conti ransomware, linked to Russia. Thefts from blockchain businesses grew exponentially in the last year, with staggering losses. Last March, North Korea-linked Lazarus stole $540 million in cryptocurrency from Ronin, a popular blockchain platform.
Organizations and industries with little tolerance for downtime continue to be hit hard because bad actors target those that are most likely to pay. Last June, a Massachusetts-based health-care company announced a breach affecting the health data of 2 million people.
In the wake of the pandemic, manufacturing is now the most-targeted industry—supply chain demand means that businesses can’t afford to be offline, even if every bit of data is backed up.
Unfortunately, the current cybersecurity forecast favors criminals and state-sponsored actors over the ability of jurisdictions and businesses to fight them. We’re not prepared for attacks or the aftermath that inevitably follows.
A recent Baker McKenzie survey found that lawsuits over cybersecurity and data breaches were the number-one litigation risk concern for senior legal counsel inside large corporations globally.
Though federal agencies are laser-focused on preventing a cyberattack that results in a nuclear disaster or a nationwide power outage, state and local governments also need to take a hard look at their ability to respond to a serious cyber event.
We need creative thinking and engagement at every level to address the cyber threat problem as the crisis that it is.
When I was still DA, I asked intelligence experts in the NYPD what would happen if we were hit with an attack on, for example, our water sources. Was there a plan?
The answer made painfully clear that we had work to do: there was no plan A and there certainly wasn’t a plan B. In the event of a serious attack on critical infrastructure, no one was coming to save us. New York would have to save itself.
So we got to work. We convened a public/private task force, including infrastructure providers, law enforcement, intelligence, and nonprofits. We trained first responders to manage a cyberattack, with the support of—among others—IBM and its training facility in Massachusetts.
Five years in, the NYC Cyber Critical Services and Infrastructure Project has its own dedicated command center and a diverse membership of almost 300 professionals from health care, tech, government, and other sectors.
When the Colonial Pipeline attack hit, the NYPD’s Intelligence Bureau quickly leveraged CCSI’s “team of teams” to spread the word throughout member organizations and made sure that infrastructure providers were scouring their networks for similar attacks.
There is work still to do, but New York has proven that this model works and can be replicated across the country, at relatively little cost and quickly. For states and cities that are less-resourced than New York City, that is hugely important. They don’t have the luxury of time to achieve higher cybersecurity and resiliency for critical infrastructure. They need it now.
Collective security efforts are critical to our security. If we are going to have any chance of defending ourselves against significant cyber threats—the type of attacks that can take out a power grid or a hospital—we need to work together.
The US led the way in developing the internet and today is home to the best and most innovative technology companies in the world. We now need to show the same leadership in securing it.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Cyrus Vance Jr. is a partner and global chair of Baker McKenzie’s cybersecurity practice. Prior to joining Baker McKenzie, he served three consecutive four-year terms as Manhattan District Attorney.
Author: rescue@crimefire.in
-
Governments and Business Are Key Partners Against Cybercrime – Bloomberg Law
-
6 Ways College Students Can Protect Their Data from Cyber Criminals – Campus Safety Magazine
College students are often easy targets for cyber criminals and campus leaders should educate new students about the dangers starting day one.
Most college students are too busy with their studies and social lives to worry about issues like online privacy and cybersecurity. Unfortunately, this means that the majority of college students aren’t protecting their personal information online, even as they spend more and more time using digital tools for their classes.
Students might not think that their information is valuable. After all, most students are budgeting as best they can to minimize the debt they’ll have after they graduate. However, that doesn’t mean college students aren’t targets for hackers. Universities need to help students understand the importance of keeping their personal information safe so that they don’t become victims of cybercrime.
It might seem strange that cybercriminals would want to steal the personal information of a college student. After all, college students aren’t likely to have a lot of money or much of a credit history, so it might seem like targeting students would be a waste of time.
Even if they don’t have much in the way of assets, college students have a lot to offer a criminal looking for an easy target. College students aren’t focused on cybersecurity and might not be familiar with the tactics hackers use to steal data. Because they don’t consider themselves attractive targets, they don’t take the necessary precautions to protect their information.
There are other factors that make college students targets for hackers as well. A limited credit history might not seem like a good thing, but to someone who is trying to illegally use someone else’s credit, this “clean slate” can be a positive.
Younger people are used to sharing personal information on social media and often don’t know what types of information they shouldn’t share publicly. They also have lots of connected devices and potential vulnerabilities for hackers to exploit.
Hackers have a variety of goals when it comes to cybercrime. Identity theft is a common problem for people of all ages, but college students are a group that can be especially vulnerable. Cybercriminals steal someone’s identity to impersonate them, generally so they can open accounts in their name, use their credit, and gain financially.
Unlike cyberterrorism, which is more likely to strike large institutions, including universities, cybercrime affecting individuals like college students is on a small scale. However, the impact of crimes like identity theft, malware, and phishing (getting someone to click on a malicious link) can be significant, affecting the victim’s credit, financial health, ability to open new accounts, and privacy.
It’s not always possible to prevent cybercrime from taking place. Hackers are smart, and they are always evolving their techniques to beat the latest cybersecurity measures and antivirus software.
However, there are some techniques that college students should use to protect their personal data. It’s important to educate college students on these key cybersecurity measures so they can prevent becoming the victim of a virtual attack.
This is advice that’s given over and over again: students should use strong passwords and avoid using the same password for multiple sites. Although it might sound like the most obvious piece of advice about cybersecurity, most people don’t follow it, leaving themselves vulnerable through multiple accounts. Password managers can help students ensure that their password behavior is cybersecurity-approved.
Two-factor authentication, which requires two forms of verification for a successful login (such as a password and a code sent to a phone or email address), helps to ensure that someone is who they say they are.
If someone tries to remotely access a student’s data, two-factor authentication should notify the student that a login attempt has been made. This not only helps protect the account and keep it secure, but it also gives students information about any unauthorized login attempts, sometimes with the location of the attempt.
Public wi-fi can be a source of vulnerability for college students. They should understand the risks of using unsecured networks, as well as strategies for protecting their privacy when using these networks.
Students on a budget might already be in the habit of checking their financial accounts, but not always. Frequent monitoring of bank accounts, investment accounts, and other financial accounts can help students spot fraud and other evidence of a cybercrime right away. This can help law enforcement hold the criminals responsible and reduce harm to the victim.
If something feels “off” to a student, such as an email they receive, they should know to follow their instincts and approach the situation with healthy suspicion. Cybercriminals can be very clever in hiding their activities. It’s always better for students to be safe than sorry!
Many students don’t worry at all when they leave their laptop at a library table for a few minutes so they can use the restroom. Unfortunately, not having physical control of a device can easily lead to data theft, even during a short period of time. People can quickly gain access to sensitive data this way and use it maliciously.
Students should understand the importance of maintaining physical control of their devices at all times, whether they’re at a party or hosting one; whether they’re at a coffee shop or the library and just need to briefly step away from their devices.
Simple cybersecurity protocols aren’t hard to implement. The harder part is getting students to take cybersecurity seriously.
Most students know in theory that protecting personal data online is important. However, they might be so convinced that they won’t be a target of cybercrime that they brush off cybersecurity advice, especially when they are busy with school and social obligations. It’s easy to feel like crime is something that happens to other people — but when students don’t take any precautions, they become “other people” and regret that they didn’t take cybersecurity more seriously.
Start talking about cybersecurity from day one with new students. Including information in your welcome materials about the why and how of protecting their online data can help increase awareness and get students thinking about the issue. It’s also critical to provide information on what students should do if they think they’ve been hacked.
It’s important to keep the issue of cybersecurity top-of-mind for students throughout their college career so they can learn good habits and skills to protect themselves today, tomorrow, and for the rest of their lives.
Sarah Daren has been a consultant for startups in multiple industries including health and wellness, wearable technology, nursing, and education.
Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to, Campus Safety.
Ⓒ 2023 Emerald X, LLC. All rights reserved. -
New UN cybercrime convention has a long way to go in a tight timeframe – CSO Online
By Cynthia Brumfield
Cybercrime is a growing scourge that transcends borders, spreading across the boundaries of virtually all the world’s nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the political welfare of all countries.
Now, the United Nations has a major initiative to develop a new and more inclusive approach to addressing cybercrime. This revised global approach could spark new laws worldwide to battle cybercrime more effectively. However, concerns over the scope of the emerging international convention and its possible threats to free speech, privacy, and cybersecurity research, among other issues, have emerged following the recent release of early drafts of the new convention.
On December 27, 2019, the United Nations General Assembly adopted a resolution to counter the use of information and communications technologies for criminal purposes. Through the resolution, the General Assembly established an open-ended ad hoc intergovernmental committee of experts from all countries to create the cybercrime convention, which will be voted on by the General Assembly at its 78th session starting in September.
This convention will supplement a convention on cybercrime developed in the 1990s and signed in Budapest in 2001, commonly referred to as the Budapest Cybercrime Convention. The Budapest Convention resulted in the first international treaty to define crimes committed via the internet and other computer networks. It went into effect in 2004, with updates adopted since then, most recently in 2022.
Sixty-seven countries ratified the Budapest Convention, with two additional countries, Ireland and South Africa, signing the convention but not ratifying it. The ad hoc committee aims to create a new cybercrime convention that is more widely adopted and influential than the Budapest Convention.
“The US and lots of other like-minded countries have been saying that we have the Budapest Convention on Cybercrime,” Chris Painter, president of the Global Forum on Cyber Expertise Foundation and the former top cyber diplomat for the US, tells CSO. “That’s great. But a number of countries, led by Russia and China, said they wanted a new UN convention since they weren’t part of the original negotiation of the Budapest Convention. So, the US and others said, ‘Okay, we’ll fully participate.’”
A new convention would enable “us to more swiftly, in a more modern manner, exchange information to pursue and bring to justice those who abuse computer systems,” Ambassador Deborah McCarthy, US lead negotiator on the Ad Hoc Committee for the Department of State, tells CSO. “This makes it truly global.”
Due to the tight timeframe to meet the September deadline, the working groups assigned to hammer out the new convention presented compilations of draft texts of the proposals at the fourth session of the Ad Hoc Committee in Vienna that concluded on January 20.
The critical characteristic of any new cybercrime convention is that it could, when implemented, have the same force as federal legislation, Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation (EFF), told attendees at this year’s Shmoocon conference. EFF, along with Painter’s group and more than 74 digital and human rights organizations, are participating in the Ad Hoc Committee’s discussions at the encouragement of committee chair, HE Ms. Faouzia Boumaiza Mebarki of Algeria, to get views of “non-governmental organizations, civil society organizations, academic institutions, and the private sector.”
Because of this force of law, treaties resulting from conventions can “short circuit” the political process. “We have seen some bad policies come through the treaty process and then get adopted here in the states,” Opsahl said. For example, the Digital Millennium Copyright Act (DMCA), “which we’re not really big fans of,” mandated that US copyright law comply with two treaties established by the World Intellectual Property Organization (WIPO).
From Painter’s perspective, the fundamental questions in the current negotiations center on what’s in and out of the convention’s scope. “Those are the two things we’re dealing with, and they’re both difficult issues. The US, the EU, and others have been pretty clear that they think it should be restricted to real cybercrimes. There might be a couple of exceptions like child exploitation or things like that, but not every crime that may be cyber-enabled [should be included] because that’s everything; that would be every crime.”
Ambassador McCarthy underscores Painter’s point, emphasizing the cybercrime nature of the convention more broadly, saying, “This is not about cybersecurity, it is not about internet governance, it’s not about covering speech crimes or terrorism. Our aims are not broad; they’re quite narrow.” Likewise, when it comes to some countries’ goals of including a range of cyber-enabled crimes, “If you add all the cyber-enabled crimes that a number of countries would like to have, they touch on freedom of expression and freedom in general,” she says. “And we do not want to see that in this instrument.”
“It’s a very long treaty,” EFF’s Opsahl said at Shmoocon. “It covers a lot of things. It would be best if it is limited to cybercrime.”
The drafts released at the fourth session in Vienna point to a range of provisions that go far beyond the strict parameters of cybercrime, suggesting room for improvement before the US and its like-minded allies could agree to a new convention.
The first area for improvement concerns civil disputes, such as violating a site’s terms of service, “which should not be a crime,” Opsahl said. However, many of the ways that the cybercrime provisions are being written “could certainly have an interpretation that unlawful conduct would include contract violations. They should make it clear in the statute, in these proposed articles, that this is not going to be criminalizing civil disputes.”
Another area to watch out for is clarifying the nature of intent when it comes to provisions that criminalize “the serious and unlawful hindering of the functioning” of a computer system. “Intent is that difference between finding a vulnerability, proving it up, and helping the world with that information, and going, and exploiting it,” according to Opsahl.
Painter agrees, saying “you don’t punish researchers. As lawyers say, you actually have to have mens rea or mental state for these crimes, and not if you engineer something, suddenly you’re liable.”
Perhaps most concerning are the draft sections that criminalize the content of speech, such as extremism or terrorism. “Many countries who will be signatories to this treaty use similar language to strike down dissent and say that anyone who’s opposing the regime is spreading sedition, is spreading strife and hatred,” said Opsahl. “This has been used far too often to endanger rights. There are no agreed international definitions of what these kinds of terms mean.”
“What is cyber terrorism?” Painter asks. “What does that mean? To Russia, it might mean someone disagreeing with Putin. The Chinese representative reportedly said in one of the meetings that he wanted to introduce a substantive crime about disinformation, but he was talking about people spreading rumors about natural disasters or the pandemic.”
“Terrorism is handled in other fora, violent extremism is handled in multiple fora,” McCarthy says. “This particular instrument is not appropriate for these things that are being handled in other fora. If you try to incorporate all these other things on which there is sometimes no final agreement, it goes beyond being a crime instrument, and the process will never conclude.”
Despite these and other thorny issues, McCarthy says she is heartened at how the process has brought “more people under the tent” and how only a handful of countries have a list of demands that would threaten the acceptance of a new convention. She has faith in the caliber of the policy people and practitioners on the US team, which includes experts from the Department of Justice.
During a fifth session in April, small subgroups of the ad hoc committee will tackle “the difficult things that we ran into on the fourth session,” she says. In addition, the teams will continue negotiating between sessions. “There’s a broad desire to have something tight and nimble.”
The crunch time will come before the sixth session in late August, by which time the committee chair will have produced what is called the zero draft or the last draft version of the convention. “So, there’s not a lot of time,” says McCarthy.
Copyright © 2023 IDG Communications, Inc.
Kaspersky Study: Dark Web Ads Offer Jobs, Careers in Cyber Crime – Channel Futures
For developers, designers, testers and others displaced by cybersecurity layoffs, there’s always work in cyber crime, according to a new Kaspersky study.
The Kaspersky study examines the dark web job market. Kaspersky analyzed 200,000 employment ads about long-term or full-time jobs from 2020 through June of 2022.
To be clear, Kaspersky isn’t recommending these ads to jobseekers. It tracked this data to keep tabs on the bad guys.
Job requirements included creating malware and phishing pages, compromising corporate infrastructure, hacking web and mobile applications, and other responsibilities. The median levels of pay offered to IT professionals varied between $1,300 and $4,000 per month.
Some 41% of ads were posted in 2020, with activity peaking in March. That’s possibly because of a pandemic-related income drop experienced by parts of the population.
Polina Bochkareva is a security services analyst at Kaspersky.
“IT headhunting is one of the numerous topics which is constantly discussed on the dark net,” she said. “Nowadays, tracking cybercriminals’ interests and continuous analysis of their activities is vital for companies that want to proactively respond to cyberattacks and keep their information security at the highest level. The more you know about your adversary, the better prepared you are.”
DCMS cyber security newsletter – February 2023 – GOV.UK
Published 7 February 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dcms-cyber-security-newsletter-february-2023/dcms-cyber-security-newsletter-february-2023
Finding out more about how other nations are approaching their cyber security policy is a great way to learn. That is why I was honoured to give a speech at the UK Gulf Women in Cybersecurity Fellowship last month. The Fellowship supports women cybersecurity professionals across the Gulf by providing positive female role models, promoting peer-to-peer learning and strengthening UK Gulf cooperation and partnerships. It was great to meet so many inspiring women who are making a career in this sector.
These events and connections are essential to the success of our industry. In January Plexal hosted a showcase day for companies taking part in our Cyber Runway programme. The event gave the businesses the opportunity to pitch to industry experts and investors in order to receive feedback on their product pitches and business strategy. I would encourage you to also read Plexal CEO Andrew Roughan’s new blog where he discusses the importance of the cyber ecosystem and how startups can gain access to NCSC experts by applying for the NCSC For Startups programme in 2023.
There is still time to register to attend our CyberASAP Year 6 Cohort Demo Day on Wednesday 22 February, where fifteen UK academic teams will be showcasing their cyber security prototypes with promising commercial potential. The teams are particularly interested in meeting investors and potential commercial collaborators.
Finally, I would like to draw attention to the Department for International Trade’s North American Roadshow, which is visiting 12 cities across the UK between 27 February and 10 March. This is a great opportunity for businesses to learn about exporting to Canada and the USA with the DIT team and a range of experts.
Erika Lewis
Director, Cyber Security and Digital Identity
On Wednesday 22 February CyberASAP, DCMS’s pre-seed accelerator, will be showcasing the 15 companies on the current cohort of the programme at Level 39, Canary Wharf, London. This is an opportunity to preview their proof of concepts, meet the teams and learn more about new products and services which could be entering the UK cyber market.
The companies cover a range of sectors including smart home IoT, secure railways systems and protecting people online. Registration is now open and the participating companies are particularly keen to speak to investors and potential commercial collaborators.
The government is asking for industry views on software resilience and security for businesses and organisations. Recent incidents such as the 2020 SolarWinds attack and the discovery of the Log4j vulnerability have demonstrated the widespread impact which insecure software can have on businesses, charities, educational institutions and other organisations. Strengthening the resilience of software is an important part of strengthening organisational cyber resilience more widely, so the government is seeking views on software cyber risk and where government action might help to mitigate it.
The deadline to provide views is Monday 1 May and you can respond to the software security consultation here.
The UK Cyber Security Council is partnering with CREST and Cyber Scheme to introduce a professional standard for security testing.
The launch of the Security Testing partnership forms part of the Council’s work to introduce a universally recognised professional standard across the cyber industry. Ultimately, the professional standard will allow practitioners to achieve recognition at either Associate, Principal or Chartered level across 16 specialisms.
CREST, an international not-for-profit membership body for the cyber security industry, and The Cyber Scheme, an NCSC-accredited assessment and training provider for security testing practitioners, have partnered with the Council to deliver the programme.
As part of National Apprenticeship Week, DCMS has been hearing from cyber security businesses and the apprentices they hire to learn about their experiences. One such business is KryptoKloud, a Lincoln-based cyber security and intelligence company that currently hires five cyber security analyst apprentices from Lincoln College.
Ben Smith, one of KryptoKloud’s apprentices, explained, “As a Lincoln College apprentice and KryptoKloud employee I have the best of all worlds: work wise, college wise and socially. The ability to live and commute from home to college and work, coupled with being able to work locally in a great modern environment with fantastic opportunities is simply amazing.”
“The operational and work-based experience that I have gained has put me into an ideal position upon which to further develop my career and fulfil my future aspirations to be a Chief Operations or Information Officer or indeed to successfully manage my own cyber security company. Finally, when I finish, not only will I have experience and qualifications, but I will also have the freedom to progress without huge debts hanging over me.”
To find out how an apprenticeship could help your business, visit the Apprenticeships website.
In January companies taking part in Cyber Runway, the DCMS-funded accelerator for UK cyber sector businesses, took part in a showcase event at Plexal. The companies were able to pitch to both investors and business experts to gather feedback on their business, strategy, product and next steps. Dell Technologies and VMware sponsored the Investor Feedback Room and Lloyds Innovation Lab also hosted a room to hear from the companies.
Applications to join the Digital Security by Design (DSbD) Technology Access Programme are now open. Participating companies are supported by a wide network of professionals from Arm and the University of Cambridge to experiment with groundbreaking cyber security technology that has the potential to block up to two thirds of all memory related cyber attacks. A £15,000 grant is also available for companies with fewer than 250 employees to enable them to take part in the programme.
The Cyber Essentials technical requirements have been updated in advance of the changes taking effect from April 2023. As part of a regular review of the scheme’s technical controls, the National Cyber Security Centre has carried out a “light touch” update to ensure it continues to help UK organisations guard against the most common cyber threats. The changes include new details around user devices, firmware, device unlocking and malware protection. This latest update (version 3.1) will take effect from 24 April 2023.
The scheme has now awarded 116,194 certificates to businesses and organisations, including 31,353 awarded during 2022 and a record 3,338 certificates awarded during the month of December 2022. For more information on Cyber Essentials, please visit the NCSC website.
In February and March the Department for International Trade North America is visiting twelve cities across the UK, where they will offer presentations and interactive sessions to help you understand the opportunities in Canada and the USA. The DIT team and a range of experts will provide key information and guidance to help you on your export journey.
You can register for a single session or a full day in a range of locations from London to Glasgow.
UK Innovation and Tech Show – March 15, Brussels
Organised by the UK Mission to the EU, the UK Innovation & Tech Show brings together innovators, companies and thought leaders from across the UK and Europe for a stunning exhibition and a series of policy discussions around cutting edge technologies.
To be held in Brussels on Wednesday 15 March the event will include an exhibition, breakout discussions on the policy and ethics of emerging technology, a live hackathon demonstrating the potential of AI, and an inspiring opening keynote speech from the Royal Society Professor for Public Engagement in Science, Brian Cox.
You can register for free tickets online and there are still a few spaces available for exhibitors who want to showcase their hardware and technology. Exhibiting is free and assistance is potentially available for travel and accommodation costs for SMEs.
Does your corporation want to have a human impact in cyberspace? The CyberPeace Builders is a unique network of expert volunteers assisting humanitarian non-government organisations to manage their cyber security so they can maintain their operations.
CyberPeace Builders are currently looking for organisations to support their work by providing volunteer time, sharing information about their free services for NGOs or funding their work.
DHS Expands Abraham Accords to Cybersecurity – Homeland Security
TEL AVIV – This week, Department of Homeland Security (DHS) Under Secretary for Policy Robert Silvers visited Israel to deliver a keynote address at the CyberTech Global Conference and to meet with representatives from Israel and key Middle Eastern nations, in collaboration with the Department of State. Under Secretary Silvers met with President of the State of Israel Isaac Herzog, Israel National Cyber Directorate Director General Gaby Portnoy, Head of the UAE Cyber Security Council H.E. Dr. Mohamed Al Kuwaiti, CEO of the Bahrain National Cyber Security Center Shaikh Salman bin Mohamed bin Abdulla al-Khalifa, and Director General of Morocco’s Directorate General of Information Systems Security Brig. General El Mostafa Rabii to discuss the expansion of the Abraham Accords to include shared cybersecurity priorities and enhancing regional cooperation.
“The expansion of the Abraham Accords into cybersecurity is advancing our defensive operational collaboration with Israel and our partners across the Middle East to protect our critical infrastructure,” said DHS Under Secretary for Policy Robert Silvers. “Together we can harness our capabilities to address the most pressing cybersecurity challenges to drive security and resilience.”
At the CyberTech Global Conference, Under Secretary Silvers delivered a keynote address emphasizing the importance of cohesive private sector engagement, international cooperation, and the U.S.-Israel relationship to address shared cybersecurity threats. He also participated in the first ever public dialogue among U.S., Israeli, Emirati, Bahraini, and Moroccan cybersecurity officials to build on the Abraham Accords and normalization agreements.
The Department’s cybersecurity engagement in the Middle East builds on a long history of defense and security cooperation between the U.S. and partners in the region. Its work to expand the Abraham Accords and normalization agreements is focused on network defense and cybersecurity collaboration to address shared threats, including nation state targeting of critical infrastructure and widespread ransomware attacks. DHS and its Middle East partners commit to sharing information about cyber threats, incidents, and approaches to these challenges to increase global cybersecurity and resilience.
Partnering with the Department of State, Under Secretary Silvers engaged with Israeli leaders and emphasized the need for Israel to meet all Visa Waiver Program (VWP) requirements to become eligible for the program and thereby enhance U.S.-Israel security and travel partnership. Under Secretary Silvers met with Speaker Amir Ohana regarding VWP-related legislation and National Security Advisor Tzachi Hanegbi to discuss the significant amount of work that must be accomplished in a short amount of time for Israel to be eligible to achieve entry into the program.
A National Science Foundation grant will help USF recruit students … – WUSF Public Media
This year, the National Science Foundation is providing more than $29 million in new funding to support the development of a cybersecurity workforce.
“Cybersecurity is one of the most important issues confronting society in the information age,” said NSF Director Sethuraman Panchanathan. “As our reliance on the national cyberspace evolves, so does the complexity of the cyber threats we face. It is imperative that we support the development of a strong cybersecurity workforce to ensure we can all benefit from secure and trustworthy cyberspace.”
In a press release, the NSF said the money is to address the “unique challenges of recruiting and retaining cybersecurity professionals to work in careers with local, state, federal or tribal governments.”
That includes more than $4 million in funding to the University of South Florida, home to Cyber Florida: The Florida Center for Cybersecurity and the Global and National Security Institute (GNSI).
That money will provide scholarships and support to at least 28 domestic graduate and undergraduate students, who will work with and be mentored by professionals from Cyber Florida and GNSI.
USF calls the new program CREST, which stands for Cybersecurity Research in Education for Service in Government.
The students agree to work in cybersecurity for a federal, state, local, or tribal government organization for the same period of time for which they received the scholarships.
Lead USF researcher Srinivas Katkoori, an associate professor of computer science and engineering, said the COVID-19 pandemic likely accelerated the need for people to work in cybersecurity.
“Because a lot of things are being done digitally, there are more security attacks and vulnerabilities. So absolutely, the pandemic I think has, in some sense, definitely highlighted the problems and also probably opened more vulnerabilities which we are trying to address,” he said.
According to a recent Cybersecurity Ventures report, the global annual cost of cybercrime is expected to top $8 trillion this year.
And Security Intelligence, a thought leadership blog run by IBM Security, reported that ransomware attacks alone accounted for nearly $1.2 billion in costs to U.S. financial institutions in 2021.
While cybersecurity may not be top of mind for everyone, Katkoori said it’s a part of our everyday lives.
“We are living in digital age, where we rely more and more on cyberspace for all our professional and personal needs,” he said, whether we’re banking or buying something online or reaching out to friends on social media.
Katkoori added that USF is developing a website to recruit students for the CREST program, with some of the focus being on attracting individuals who may be less likely to work in the engineering or IT fields, like women or veterans.
USF joins 89 academic institutions that are already part of the NSF’s CyberCorps: Scholarship for Service program in 39 states, the District of Columbia and Puerto Rico. -
Global Catastrophic Cyber Event Coming in 2 Years, Report Says – Popular Mechanics
Thought you should know.
The 2023 World Economic Forum (WEF) in Davos, Switzerland, has filled us with lots of uplifting predictions, like how companies will soon decode our brain waves. The latest warns of a global catastrophic cyber event in the very near future.
“The most striking finding that we’ve found,” WEF managing director Jeremy Jurgens said during a presentation highlighting the WEF Global Security Outlook Report 2023, “is that 93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years. This far exceeds anything that we’ve seen in previous surveys.”
Add in the extreme unpredictability of these events—Jurgens cited a cyberattack recently aimed at shutting down Ukrainian military abilities that unexpectedly also closed off parts of electricity production across Europe—and the global challenges are only growing.
“This is a global threat,” Jürgen Stock, Secretary-General of Interpol, said during the presentation. “It calls for a global response and enhanced and coordinated action.” He said the increased profits that the multiple bad “actors” reap from cybercrime should encourage world leaders to work together to make it a priority as they face “new sophisticated tools.”
One country that recently saw a massive cyberattack, Albania, is now working with larger allies in warding off the criminals, serving as a laboratory of sorts for folks to realize what is coming.
Edi Rama, Albania’s prime minister, said during the presentation that the growth of the cybercrime industry—from $3 trillion in 2015 to an expected $10.5 trillion in 2025—means that if cybercrime were a state, it would be the third largest global economy after the U.S. and China.
That means the crime coming could truly be catastrophic.
Rama cited the global response to COVID-19 and said a cyberattack could be much more substantial:
Tim Newcomb is a journalist based in the Pacific Northwest. He covers stadiums, sneakers, gear, infrastructure, and more for a variety of publications, including Popular Mechanics. His favorite interviews have included sit-downs with Roger Federer in Switzerland, Kobe Bryant in Los Angeles, and Tinker Hatfield in Portland.
Southern Arizona’s largest school district hit by cyber attack – KOLD
TUCSON, Ariz. (KOLD News 13) – Over the weekend, the Tucson Unified School District was hit by computer hackers who are now holding its data hostage.
On Monday, Jan. 30, the attack forced schools to do work offline.
Early Monday, staff across the district found a letter in their printers. The letter said the system was hit by Royal ransomware and the district’s data was allegedly encrypted and copied.
13 News showed this letter to an expert, and he said this was an issue that’s being seen more often.
“The group itself that had sent this letter has actually been around about a year and they’ve been ramping up a lot of their activity in the United States,” said Andy Taylor, CEO of TechTalk Radio.
A ransomware attack like this one could’ve spread through TUSD’s system by someone simply clicking on an untrustworthy link, according to Taylor.
The hackers claimed the district’s data has been copied and can be published online, where anyone will be able to see it.
“There’s always the chance that this information can end up in the wrong hands,” Taylor said. “Now, in the case of Royal and the ransomware, most of the time they’re just looking for a quick payout. They’re hoping that someone will pay them the money and of course, decrypt that info. That’s what happens in a ransomware attack.”
And that’s exactly what the letter said… that Royal was offering them a “unique deal” to get the data decrypted, restored and kept confidential. Right now, Taylor said TUSD is likely working to find the source of the issue.
“My biggest concern is now they’re without their systems and that can affect of course their instruction. They’ve got a day, maybe two days, some of these depending on the infection, of course they’re going through and determining that now, this could last up to months,” he said.
In an email and voicemail sent out to staff and families, the district said a cyber security incident happened on its network and that internet and network services are down as the matter is investigated.
“We are actively working to correct the issue and have notified all the appropriate authorities. All TUSD schools will continue their regular school schedule,” the district said.
Taylor has a friend who works for one of the schools in the district. She also sent him the letter from Royal. He said Monday looked a little different for the teachers and students.
“Pretty much everything is stopped right now. Education is going old school. She has turned it into an instruction on how (it was) before the internet,” he explained.
Andy Taylor said a ransomware attack like this is a good time to focus on safe practices so this doesn’t happen to you. This includes running updates, not clicking on links and questioning everything.
Copyright 2023 KOLD News 13. All rights reserved.