ReportWire

Tag: Computer security

  • Parenting 101: 5 Lessons to keep kids safe online for the new school year

    [ad_1]

    The back-to-school season is exciting – new knowledge, new digital tools, and new discoveries. But it also brings higher cybersecurity risks for both schools and children. Cybersecurity experts are urging children, parents, and school communities to stay extra alert during this period.

    “The back-to-school period requires additional efforts to keep children and school communities safe online. A new beginning means new digital tools, online searches, and registrations for learning platforms. All of that increases cyber risks that must be taken seriously,” said Karolis Arbačiauskas, head of product at NordPass, in a media release

    A new study by NordPass, in collaboration with NordStellar, reveals a worrying truth: many educational institutions are still using shockingly weak passwords to protect sensitive data. Entries like “123456”, “Edifygroup@1”, and “principal@2021” appeared frequently, showing a widespread reliance on predictable or outdated credentials that are easy for hackers to guess.

    This is why the back-to-school season is the perfect moment to talk to children about cyber hygiene – the dos and don’ts in digital environments – and to help them build strong habits for digital security and privacy. “Learning about cybersecurity can be fun. Many families of cybersecurity professionals make it a game – they host a small party with snacks and guide their children through five simple but essential exercises,” said Arbačiauskas.

    Cybersecurity experts advise to take these steps to preserve your own cybersecurity and that of your family members (it can also be used as inspiration for your family’s Cyber Party):

    • Create strong and unique passwords. Make sure every account in your family – whether it’s yours, your parents’, your significant other’s, or your children’s – uses a strong and unique password. The easiest way to do it? Use a trusted password manager to generate, store, and share them securely.
    • Turn on multi-factor authentication (MFA). Add an extra layer of security wherever you can, especially to access school portals, email accounts, and social apps. MFA helps keep hackers out even if a password gets breached – and they get breached more often than you think. A recent study by NordPass revealed that many educational institutions still use shockingly weak passwords.
    • Update devices and apps. Keep phones, tablets, and laptops up to date with the latest software. Outdated apps can contain vulnerabilities that hackers take advantage of to get backdoor access into your device. Updates patch these security holes so that cybercriminals can no longer exploit them.
    • Talk about phishing. Discuss cybersecurity with your family and why it matters. Teach them to never click suspicious links or open unknown attachments – especially in emails or messages claiming to be from the school. When in doubt, verify with the sender by using a website checker.
    • Adjust privacy settings. Review and tighten privacy settings on social media, online games, and school platforms. Limit what personal info is publicly visible and who can contact your kids online.

    – JC

    [ad_2]

    Source link

  • Middleton teen keynote speaker at Salute to Scouting Gala

    Middleton teen keynote speaker at Salute to Scouting Gala

    [ad_1]

    BOSTON — Mira Plante, of Middleton, was the keynote speaker earlier this month when Scouting Boston honored business leaders Pamela Everhart and Joe Campanelli with the 44th presentation of the Ralph Lowell Distinguished Citizen Award.

    The award was presented by the Scout’s Spirit of America Council at the Boston Harbor Hotel with approximately 300 guests in attendance. Plante was lauded as an inspiration and role model, as one of the first young women to earn the rank of Eagle Scout in Massachusetts. A 2020 honors graduate of Masconomet Regional High School, she’s now a graduate of Worcester Polytechnic Institute with a bachelor’s degree in computer science and a masters degree in cybersecurity. She is also a Scholarship for Service Recipient.

    An announcement noted that her journey started as a member of a family that immigrated to the U.S. to becoming an Eagle Scout to her recent graduation from WPI with a master’s degree in cybersecurity, propelled by her involvement in the Scouting Boston STEM-focused programs.

    This year’s gala marked the fifth anniversary of the historic decision to welcome girls of all ages into the nation’s most iconic youth development program. The milestone underscores the dedication of the Spirit of Adventure Council — which supports more than 7,300 Scouts in Massachusetts — to providing career exploration opportunities for all youth across the region, irrespective of gender or background.

    “The urgent need is a clarion call for our community, nation, and world to step up and do a better job in helping young people learn, grow and realize their full promise,” said Scouting Boston CEO and Scout Executive John Judge. “With challenges like tech overload, loneliness, nature deficit, and in-activity — we must step up to meet the critical needs of our youth. The programs and values of Scouting are sorely needed in today’s world.”

    [ad_2]

    By News Staff

    Source link

  • Local hospital network data breach may affect over 500

    Local hospital network data breach may affect over 500

    [ad_1]

    SALEM, N.H. — A data breach at a local hospital network caused more than 500 patients’ personal information to be leaked.

    Northeast Rehabilitation Hospital Network, 70 Butler St., announced on its website that between May 13 and May 22, there was unauthorized access to the company’s network and files containing sensitive information may have been accessed.

    Information was accessed from Neuro Rehab Associates Inc., a subsidiary founded in 1983, according to the data breach portal for the U.S. Department of Health and Human Services’ Office for Civil Rights.

    The breach was reported to the Department of Health and Human Services on July 17.

    Despite claiming it was an instance of unauthorized access, the department categorized the breach as a hacking and IT incident and noted the information was found on network servers.

    NRHN said it is investigating the breach’s severity and will only notify people who have been affected and that it reported the incident to a federal law enforcement agency.

    NRHN has four inpatient hospitals in New Hampshire and more than 25 outpatient rehabilitation clinics across Massachusetts and New Hampshire.

    The company said while it is still investigating the breach’s extent, the information that could have been stolen includes patients’ names, contact information, dates of birth, Social Security numbers, driver’s license and ID numbers, financial account information, diagnoses, treatments and health insurance information.

    NRHN has asked for patients to remain vigilant and, if they believe they are a victim of this breach, to contact it by email at NRHNCyberInfo@northeastrehab.com.

    [ad_2]

    By Katelyn Sahagian | ksahagian@northofboston.com

    Source link

  • Salem State gets $624K grant for cybersecurity training center

    Salem State gets $624K grant for cybersecurity training center

    [ad_1]

    SALEM — Salem State University announced this week that it received a $624,437 grant to establish and operate a cybersecurity training facility on campus.

    The grant is part of the state’s Security Operations Center (SOC) Cyber Range Initiative, a program managed by Mass Tech’s MassCyberCenter that aims to help build a diverse generation of cybersecurity professionals through education, training and workforce development, according to a news release.

    “Massachusetts is committed to leading in cybersecurity and ensuring that all communities have the skills, resources and capacity to protect their businesses and residents,” Gov. Maura Healey said. “Congratulations to Salem State on this award and their efforts to grow the cyber workforce.”

    Lt. Gov. Kim Driscoll said how proud she is, “as Salem’s former mayor and a Salem State graduate … of the work the university is doing to teach students critical cybersecurity skills.

    “Cybersecurity affects every part of our community whether you are a small business, elementary school or local government office. The more cybersecurity professionals we have, the more we can ensure our communities are protected online,” Driscoll said.

    “Salem State is grateful to the Healey-Driscoll Administration and the MassCyberCenter for selecting us for this important partnership,” Salem State President John Keenan said. “This type of investment and professional relationships are a win-win for everyone involved.

    “Like our nursing and occupational therapy simulation labs, the CyberRange will imitate real-world problems for students to solve in real time,” he said.

    The funding is expected “to promote cybersecurity while also ensuring Massachusetts stays competitive in modern economic development,” said Yvonne Hao, state secretary of economic development and board chair of the Massachusetts Technology Collaborative.

    Salem State will join Bridgewater State University, Springfield Technical Community College and MassBay Community College as a critical part of a statewide network of cybersecurity educators, MassCyberCenter Director John Petrozzelli said.

    The award will support capital expenditures to construct the CyberRange and expenditures for the first year of operations.

    The center is expected to promote the Massachusetts cybersecurity ecosystem by working to build a strong cyber talent pipeline and to strengthen the defense of local communities.

    More information is available online at https://masscybercenter.org.

    [ad_2]

    By Buck Anderson | Staff Writer

    Source link

  • The No-Fly List Has Been Leaked, TSA Investigating ‘Cybersecurity Incident’

    The No-Fly List Has Been Leaked, TSA Investigating ‘Cybersecurity Incident’

    [ad_1]

    The Transportation Security Administration’s No-Fly List is one of the most important ledgers in the United States, containing as it does the names of people who are perceived to be of such a threat to national security that they’re not allowed on airplanes. You’d have been forgiven then for thinking that list was a tightly-guarded state secret, but lol, nope.

    A Swiss hacker known as “maia arson crimew” has got hold of a copy of the list—albeit a version from a few years ago—not by getting past fortress-like layers of cybersecurity, but by…finding a regional airline that had its data lying around in unprotected servers. They announced the discovery with the photo and screenshot above, in which the Pokémon Sprigatito is looking awfully pleased with themselves.

    As they explain in a blog post detailing the process, crimew was poking around online when they found that CommuteAir’s servers were just sitting there:

    like so many other of my hacks this story starts with me being bored and browsing shodan (or well, technically zoomeye, chinese shodan), looking for exposed jenkins servers that may contain some interesting goods. at this point i’ve probably clicked through about 20 boring exposed servers with very little of any interest, when i suddenly start seeing some familar words. “ACARS”, lots of mentions of “crew” and so on. lots of words i’ve heard before, most likely while binge watching Mentour Pilot YouTube videos. jackpot. an exposed jenkins server belonging to CommuteAir.

    Among other “sensitive” information on the servers was “NOFLY.CSV”, which hilariously was exactly what it says on the box: “The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth,” CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot, who worked with crimew to sift through the data. “In addition, certain CommuteAir employee and flight information was accessible. We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation.”

    That “employee and flight information” includes, as crimew writes:

    grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot’s license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it.

    G/O Media may get a commission

    Samsung Reserve

    Up to $100 credit

    Samsung Reserve

    Reserve the next gen Samsung device
    All you need to do is sign up with your email and boom: credit for your preorder on a new Samsung device.

    The government is now investigating the leak, with the TSA telling the Daily Dot they are aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners”.

    If you’re wondering just how many names are on the list, it’s hard to tell. Crimew tells Kotaku that in this version of the records “there are about 1.5 million entries, but given a lot are different aliases for different people it’s very hard to know the actual number of unique people on it” (a 2016 estimate had the numbers at “2,484,442 records, consisting of 1,877,133 individual identities”).

    Interestingly, given the list was uploaded to CommuteAir’s servers in 2022, it was assumed that was the year the records were from. Instead, crimew tells me “the only reason we [now] know [it] is from 2019 is because the airline keeps confirming so in all their press statements, before that we assumed it was from 2022.”

    You can check out crimew’s blog here, while the Daily Dot post—which says names on the list include members of the IRA and an eight year-old—is here.

    [ad_2]

    Luke Plunkett

    Source link