Golden State Protective Services, Inc.

500m LinkedIn accounts leaked An individual is selling the data of 500 million LinkedIn profiles on a popular cybercriminal forum, according to news reports. The leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more, according to CyberNews.... Users on the forum could view the leaked samples for about $2 worth of forum credits and the threat actor was auctioning the 500 million user database for at least a 4-digit sum. The threat actor claimed the data was scraped from LinkedIn. CyberNews was able to confirm this claim by looking at the samples provided on the hacker forum. LinkedIn later forming that the data for sale was not acquired as a result of the data breach and is aggregation of data from a number of websites and companies. Other threat actors are looking to profit from this data leak. A new collection of databased was put on sale on the same cybercriminal forum by another users, for $7,000 worth of bitcoin. The threat actor claims he has obtained the original 500-million database and six other archives that purportedly include 327 million scraped LinkedIn profiles. See If Your Data Has Been Scraped: https://cybernews.com/personal-data-leak-check/

Cybersecurity training lags, while hackers capitalize on the pandemic Recently, TalentLMS partnered with Kenna Security to survey 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. Here are some of the staggering results that offer some explanation as to why cybercrime has grown into such a lucrative business: 69% of respondents have received cybersecurity training from their employers, and yet, when ask...ed to take a basic quiz, 61% failed Only 17% of surveyed employees working in information services passed the quiz, compared to 57% of healthcare employees 59% of employees received cybersecurity training in response to the rise in remote work as a result of the COVID-19 pandemic 60% of employees who failed the cybersecurity quiz report that they feel safe from threats More employees store their passwords in plaintext than those that keep them in password managers Office employees report feeling safer from cybersecurity threats than remote ones, but have much worse security habits. Experts offer advice on how to improve cybersecurity training initiatives for better results These staggering results lead to the conclusion that simply having a cybersecurity training program in place isn’t enough. The majority of employees also report that their companies have implemented the correct fundamental safeguards that provide essential protection from cybersecurity threats: 66% require employees to use 2-factor authentication 67% have an established policy for reporting lost and stolen devices 75% enforce mandatory periodic password changes Physical Security is important but Cyber Threats are not going away and now is time to get systems in place to protect your company

Academic study highlights 100% rise in nation state attacks over three years What Your I.T. Departments Needs To Know Independent research conducted by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and sponsored by HP Inc. highlights a 100% rise in ‘significant’ nation state incidents between 2017-2020. Analysis of over 200 cybersecurity incidents associated with nation state activity since 2009 also shows the enterprise is now the most c...ommon target (35%), followed by cyberdefense (25%), media and communications (14%), government bodies and regulators (12%), and critical infrastructure (10%). The academic study shows that nation state cyberattacks are becoming more frequent, varied and open; moving us closer to a point of ‘advanced cyberconflict’ than at any time since the inception of the internet. Learn more below https://threatresearch.ext.hp.com/web-of-profit-nation-sta/

Enterprises says physical security made more important since COVID-19 Enterprise security leaders say physical security solutions are more important due to the COVID-19 pandemic. In the 2021 Smart Security Trends Report from cloud-based access control company Brivo, more than 500 U.S.-based physical security and facility management professionals between November 2020 to January 2021 were asked about the physical security impacts from COVID-19 as well as the challenges faci...ng organizations as they look to reopen their doors. In the report, 75% of respondents said the coronavirus pandemic increased the importance of physical security within their organizations. Sixty percent of respondents said they either see a need for immediate cloud-based technology upgrades or are considering the tech in the near term. When asked to reflect on continued operations at the beginning of the pandemic, close to 30% of respondents said they did not have centralized security solutions in place and struggled during the pandemic to manage day-to-day operations. Many security leaders also admitted a pain point of leveraging data for physical security 70% said they have problems with data, ranging from too much, too little, or a lack of understanding how to use it. In terms of technology 61% of respondents noted that integration was the most important goal for them in 2021 and additionally, 26% said technology for enforcing contact tracing, social distancing and healthy building compliance requirements is critical for pandemic response. #Physicalsecurity #Pandemic

Hobby Lobby exposes of 138GB of customer and payment data Is Your "Cloud Data" Secure American arts and crafts giant Hobby Lobby has exposed a large amount of customer data, including names, phone numbers, physical and email addresses, and the last four digits of payment cards, and the source code for the company's app, according to a security researcher known as "boogeyman," who discovered the leak.... According to VICE, the data dates back to 2020 and impacted more than 300,000 users, the security researcher said, and totaled 138GB in size. The researcher provided screenshots of the data to Motherboard. The screenshots show the data was hosted on an open AWS bucket. In an email, Hobby Lobby said, "We identified the access control involved and have taken steps to secure the system." The security researcher told Motherboard they tried to warn Hobby Lobby of the data leak, but received no response. Douglas Murray, CEO at Valtix, says, this is the "latest example of why we need to take public cloud threat vectors so seriously. In 2020, spend in public cloud exceeded spend in on-prem data centers for the first time. The hackers are doing their own version of lift and shift and are aggressively moving to where the market is going. Just as concerning is that for every Hobby Lobby like leak that we learn about, there is another that goes undetected. It is critical that enterprises make securing their cloud data and workloads a top priority. You need a layered defense approach. Enterprises need to ensure that any endpoint exposed to internet has proper network security to detect and prevent data leakage.

New spear phishing emails target C-suite executives, assistants & financial departments Are You At Risk Area 1 Security recently stopped a sophisticated Microsoft Office 365 credential harvesting campaign targeting C-suite executives, high-level assistants, and financial departments across numerous industries, including financial services, insurance, and retail. Further research and analysis of the activity revealed a much larger operation than originally discovered. Thi...s included several additional directly-related credential phishing campaigns that targeted the same industries and positions using sophisticated techniques and advanced phishing kits, to bypass Microsoft’s native email defenses and email authentication. The campaigns, which began in early December and continued through February, targeted only select individuals at each company. Unlike the spray and pray method often seen with these types of cybercriminal-driven credential harvesting campaigns, this limited activity suggests a more targeted approach. A large majority of the phishing attacks stopped by Area 1 Security were headed to financial controllers and treasurers at various international companies. Are You At Risk. Learn More https://www.area1security.com//microsoft-365-spoof-target/ #cybersecurity #informationsecurity #riskmanagement #spearphishing

As 5G technology Things You Should Know It is critical that information security professionals become familiar with 5G system architecture and security architecture, as well as the risks that come with implementing new cellular technologies. ISACA’s new white paper, 5G Security: Addressing Risk and Threats of Mobile Network Technologies, explores these topics, and compares 5G technology with 4G and previous generation cellular technologies. Professionals and their organi...zations can also realize substantial benefits through implementing 5G technology. 5G’s vast improvements over the current capabilities of the 4G and previous networks, are: 5G technology’s faster network with higher capacity can serve the connectivity needs of the Internet of Things (IoT) ecosystem, eliminating lags in data transmission across the network. 5G technology’s flexibility can support many static and mobile IoT devices, which have a diverse range of speed, bandwidth and quality of service requirements. 5G technology will result in a 90% reduction in network energy usage with up to 10 years’ worth of battery life for low-powered IoT devices. After more than a decade with 4G, 5G technology will strongly improve individuals’ lives and business processes, says Ronke Oyemade, CISM, CISA, CRISC, CDPSE, PMP manager, financial compliance IT, CNN-Turner Broadcasting Systems, and lead developer of the paper. Despite the risks and threats that can come with new mobile network technology, 5G security architecture’s features better mitigate existing risks from previous cellular technologies. 5G Security: Addressing Risk and Threats of Mobile Network Technologies is complimentary and can be downloaded at www.isaca.org/bookstore/bookstore-wht_papers-digital/whp5gs.

El Pollo Loco uses managed security services to reduce false alarm costs and boost overall security A New Approach The restaurant chain, El Pollo Loco, was looking for a way to cut false alarm costs and deter crime. The chain, with 198 restaurants, famous for its fire-grilled chicken, was spending thousands of dollars in annual false alarm penalties each year across its stores. In addition to false alarm fees, El Pollo Loco staff were dealing with alarm systems not worki...ng or failing. When Louis Burke, Senior Manager, Safety & Loss Prevention, joined El Pollo Loco, he had to contend with numerous alarm management protocols as El Pollo Loco had half a dozen vendors for intrusion alarms. Every vendor had different terms of engagement and there was no way to hold anyone responsible even when the alarm systems failed. Ultimately, the restaurant chain decided that a managed services approach to its alarm system would not only help reduce costs of false alarm penalties, but would give the company a better handle on all of its alarm systems and be able to get more value out of their existing physical security. El Pollo Loco turned to Interface Security Systems, a managed service provider delivering business security for managed video verified alarms and intrusion alarm monitoring to reliably detect intrusions and minimize false alarms.

Coming To Squad Cars Near You? Greek police are set to introduce live face recognition before the summer. By the summer of 2021, the Greek police will receive thousands of devices allowing for live facial recognition and fingerprint identification. The devices will be deployed in everyday police work, according to a Greek police officials. ... The project, called Smart Policing, aims at the identification and verification of citizens identity when stopped by the police. The facial recognition will speed up the process of identifying citizens quicker. While there aren’t many details about the devices themselves, this means that the convenience they bring will likely come with increased risk. Learn more here: https://algorithmwatch.org//greek-police-live-facial-recog

Passwords May Be Thing Of The Past Enterprises worldwide are accelerating the adoption of passwordless authentication technologies in response to the increase in cybersecurity threats in 2020, according to a new report released by HYPR, The Passwordless Company and Cybersecurity Insiders. 2021 State of Passwordless Security... The report includes insights from over 425 information technology professionals, representing a cross-section of organizations of varying sizes across multiple industry verticals, globally. It uncovered the key drivers and barriers to passwordless adoption and organizations' technology preferences, based on data from Cybersecurity's 500,000-member community. See the full report below https://www.hypr.com//The_State_Of_Passwordless_Authentica

Time To Have That Meeting With Your I.T. Department. Cybor Hacking Is Real and is a Clear and Present Danger to your Business. Read more below The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fracturesmanifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation. Among the highest impact risks of the next decade, in...fectious diseases are in the top spot, followed by climate action failure and other environmental risks; as well as weapons of mass destruction, livelihood crises, debt crises and IT infrastructure breakdown, the World Economic Forum says. The report also ranked cybersecurity failure as a critical threat to the world. The COVID-19 pandemic has accelerated technological adoption, yet exposed cyber vulnerabilities and unpreparedness, while at the same time exacerbated the tech inequalities within and between societies, says the World Economic Forum. Looking ahead, it will be critical to continue elevating cybersecurity as a strategic business issue and develop more partnerships between industries, business leaders, regulators and policymakers as it cannot be addressed in silos. Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, says, ‘Cybersecurity failure’ is correctly ranked as a top-four, short-term risk and is a clear and present threat to the world. Even more alarming is the direct correlation cybersecurity has to other threats on the global risk horizon such as digital inequality, IT infrastructure breakdowns, and even terrorist attacks and weapons of mass destruction as the traditional definitions of both ‘terrorism’ and ‘weapons’ are becoming more related to cybersecurity in our digital world. Fortunately, we have more control over cybersecurity risks than we do over other threats like infectious diseases and extreme weather events. However, the IT security industry must be much more diligent and proactive in improving the cyber hygiene of our digital infrastructure.

How Cyber Criminals Make Money After a data breach, much of that stolen personal and sometimes highly personally identifiable information (PII) is sold on markets residing within the dark web. But, how much does the sale of stolen information work, exactly, and how much money are criminals making? Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to c...ybercriminals. This data - most often stolen through phishing, credential stuffing, data breaches, and card skimmers - is bought and sold on dark web marketplaces. Here’s a few tips for avoiding those attacks, from Comparitech researchers: There’s not much an end user can do about data breaches except to register fewer accounts and minimize your digital footprint. Keep an eye out for card skimmers at points of sale, particularly unmanned ones such as those at gas stations. Learn how to spot and avoid phishing emails and other messages. https://www.comparitech.com/bl/vpn-privacy/dark-web-prices/