Saturday, April 13, 2019

Is Your AirBnB Host Secretly Filming And Or Streaming Your Stay With Hidden Cameras? Find out how Not To Be.


Airbnbs have have turn the way we vacation, offering accommodations that span all levels. We just booked a house in Hawaii for the whole family, in a hotel, we would have to rent two suites plus a few rooms.

But lately, the scene has proven to be not that rosy, creepy crawlies have invaded the serene space. According to CNN, a family from New Zealand discovered a hidden camera livestreaming from a property they were renting in Cork, Ireland. That follows claims of several other secret camera discoveries, which were reported last month by The Atlantic magazine .
Airbnb says it has taken action, investigated and apologized where appropriate and Airbnb insists that thesr types of negative experiences are rare. They actually said extremely rare but I don't buy that.
"The safety and privacy of our community -- both online and offline -- is our priority," Airbnb said in a statement following the Ireland incident. "Airbnb policies strictly prohibit hidden cameras in listings and we take reports of any violations extremely seriously."
Andrew Barker from New Zealand who discovered the Ireland video cameras thanks to his IT knowledge, is helping other travelers to learn how to scan networks for covert devices.
For those who want to follow the Barkers' advice, security experts point to varying levels of checks, from the cursory to the in-depth that could help identify hidden lenses.
First of all, checks should be made around each room for strange devices, the shine of camera lenses and tiny holes, according to tech websites such as lifehacker and Digital Trends .
They say this should include the back ends of books, mirrors, light bulbs, house plants, areas that would give the best field of view.
"Assuming the camera has some form of lens, you use a device that has a very bright light source and a viewfinder that allows you to scan for the reflections from the lens," Professor Alan Woodward from the Center for Cyber Security at the UK's Surrey University, told CNN.
Some cameras can operate in the dark and to do that they need an infrared source, he added.
"If that were the case you could (assuming it's dark) turn off all the lights and use your forward-facing phone camera which tends not to have an IR filter fitted and so may see any IR illumination, assuming it's there."
It's also possible to install apps on your phone that can scan for hidden cameras or buy a radio frequency scanner.
"If it does transmit RF, then you can again buy a standard bug detector that you sweep the room with to search for hidden sources of radio transmission," says Woodward. "There are some products out there that combine the optical and RF detection methods."
Internet cameras need a data connection to store or stream their footage, says tech company Fing , so cameras may be connected to your Airbnb host's network, the same Wi-Fi that you have been allowed to connect to -- as was the case for the Barker family in Cork.
Companies like Fing have devices that scan Wi-Fi networks and see all the other devices, both wired and wireless, connected.
If a webcam camera has no connection to the Internet it can't send its footage, so disconnecting the Internet would stop the streaming.
You can get more in depth info at this CNN Article.

Friday, April 12, 2019

Matrix Project Hacked And Undergoes Extensive Infrastructure Rebuild - If you're a matrix.org user change your password now.

Matrix Project is an open source end-to-end encrypted messaging protocol that allows anyone to self-host a messaging service on their own servers. The service was a favorite among opensource developers, including many instant messengers, VoIP, WebRTC, bots and IoT communication. We ourselves were looking to it for IoT messaging.

The sad news is that hacker got access to key servers of the project. According to Matrix project unknown attackers exploited a sandbox bypass vulnerability in its production infrastructure on 4th of April via an outdated, vulnerable version of Jenkins automation server.

After taking down and fixing the other server on production, the Matrix Project found out that their DNS was hijacked and pointing to an defacement server hosted on Github.
Since then the team realized that the stolen encrypted password hashes were exfiltrated from the production database, Matrix.org forced to log out all users and strongly advised them to change their passwords immediately.

“Forensics are ongoing; so far we've found no evidence of large quantities of data being downloaded. The attacker did have access to the production database, so unencrypted content (including private messages, password hashes and access tokens) may be compromised,”"This was a difficult choice to make. We weighed the risk of some users losing access to encrypted messages against that of all users' accounts being vulnerable to hijack via the compromised access tokens, We hope you can see why we made the decision to prioritize account integrity over access to encrypted messages, but we're sorry for the inconvenience this may have caused." said the project management, “Forensics are ongoing; so far we've found no evidence of large quantities of data being downloaded. The attacker did have access to the production database, so unencrypted content (including private messages, password hashes and access tokens) may be compromised,”


The Press Release by the Matrix Project (You may also find the latest updates via the link);

Thursday, April 11, 2019

IBM Study Estimates the Full Cost of "Mega Breaches," Could be as High as $350 Million, Per.



(NYSE: IBM) IBM Security released today the results of a global study on organizational readiness and followup when it comes under attacks and subsequent recovery from such a cyber attack.
Ponemon Institute conducted the study on behalf of IBM, and found that a vast majority of organizations surveyed are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise.
Studies by IBM show that companies who can respond quickly and efficiently to contain a cyber attack within 30 days save over $1 million on the total cost of a data breach on average companies failed to invest in or implement proper cybersecurity incident response planning. This has remained consistent over the past four years of the study. The other pitfall is that even the organizations that do have a plan in place, more than half (54%) failed to test their plans regularly, which can leave them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
The difficulty cybersecurity teams are facing in implementing a cyber security incident response plan has also impacted businesses' compliance with the General Data Protection Regulation (GDPR). Nearly half of respondents (46%) say their organization has yet to realize full compliance with GDPR, even as the one-year anniversary of the legislation quickly approaches.   
"Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program," said Ted Julian, Vice President of Product Management and Co-Founder, IBM Resilient. "When proper planning is paired with investments in automation, we see companies able to save millions of dollars during a breach."
To learn more about the full results of the study, download "The 2019 Study on the Cyber Resilient Organization."
Sign up for our upcoming webinar: "Leaders, Laggards: The latest findings from the Ponemon Institute's study on the Cyber Resilient Organization" which will be held April 30 from 12:00-1:00pm EST.

SOURCE IBM

Global Facial Recognition Market - Forecast to 2023 - Research And Markets

Need for advanced security and surveillance systems in public places to improve public safety and security is a major driving factor for the facial recognition market. The Smart City initiative by the Indian government is a great example depicting the growing need of surveillance and monitoring systems where the underdeveloped cities are being equipped by 24x7 surveillance systems to improve the safety, security, as well as traffic management in the cities. China has made massive investments for the facial recognition startup Face+++. The Chinese government is aiming to build a facial recognition AI to improve the surveillance systems.
Among many other developments, following are explaining the spread of the technology;
  • July 2018: Texas-based startup Blink Identity announced, it raised USD 1.5 million in a seed round led by Sinai Ventures with the participation of Live Nation, Techstars, and other live entertainment related funds. Blink Identity has created a fast, accurate, and user-first identity service for live entertainment venues, solving the bottleneck problem and creating a preferential experience for consumers and venue owners
  • July 2018: Western Union patents money transfer system using biometrics-based sender verification. Facial recognition systems can see the expansion into banking industry with the development of biometric verification for cryptocurrency exchange
  • July 2018: Seattle airport is the latest to trial facial recognition for flight boarding. Lufthansa has boarded nearly 350 passengers onto an Airbus A380, the largest model of passenger airliner in the world, at Seattle-Tacoma International Airport was a part of a pilot project in partnership with the U.S. Customs, and Border Protection (CBP)


DUBLIN--(BUSINESS WIRE)--The "Global Facial Recognition Market - Segmented by Technology, Type, Application, End User, and Region - Growth, Trends, and Forecast (2018 - 2023)" report has been added to ResearchAndMarkets.com's offering.
The Facial Recognition Market was valued at USD 3.83 billion and is expected to reach USD 8.26 billion by 2023, with a CAGR of 13.68% during the forecast period (2018-2023). The report profiles the technologies of facial recognition, like 2D, 3D, and facial analytics in various regions.
The facial recognition market is expected to benefit from the measures taken by companies towards security and privacy of the organization and attendance tracking. Multimodal biometric systems have seen increasing adoption for two step or three step authentication. This has led to the growth of facial recognition technology as a secondary authentication method.
Government investment to improve security across the borders and within public spaces has opened new venues for players in the facial recognition market. Developing video surveillance systems across the world is also fueling the growth of the facial recognition market. The smartphones industry is integrating facial recognition as a primary authentication technique thus, with the growth of smartphone industry facial recognition market is also expected to grow.
Increasing Need for Enhanced Surveillance & Monitoring
Need for advanced security and surveillance systems in public places to improve public safety and security is a major driving factor for the facial recognition market. The Smart City initiative by the Indian government is a great example depicting the growing need of surveillance and monitoring systems where the underdeveloped cities are being equipped by 24x7 surveillance systems to improve the safety, security, as well as traffic management in the cities. China has made massive investments for the facial recognition startup Face+++. The Chinese government is aiming to build a facial recognition AI to improve the surveillance systems.
Additionally, organizations are also improving their surveillance systems to monitor and enhance the organizational environment. Data breaches are a critical concern for any organization, and this can be tracked through surveillance systems to identify trespassing. Thus, with increasing demand for surveillance and security, the market for facial recognition is also expected to grow.
Asia-Pacific is the Fastest Growing Region for the Market
The Asia-Pacific region is expected to grow at a high rate during the forecasted period due to increasing investment in facial recognition technology by governments and growing surveillance systems in the developing countries, such as India and China. The increasing number of firms recognizing facial recognition technology as an advanced security feature is also pushing the facial recognition market growth in this region.
The major players in the APAC market, like NEC and Cognitec, among others are continuously developing their technology and partnering with various organizations and governments to provide their facial recognition technology. For instance, Singapore's Changi Airport implemented facial recognition technology into Fast and Seamless Travel (FAST) systems and also the Indian government is increasing its surveillance systems through the smart city program. As APAC region has an increasing demand for the surveillance and is expanding the infrastructure for facial recognition technology it is estimated to grow at a high rate.
Key Developments in the Market
  • July 2018: Texas-based startup Blink Identity announced, it raised USD 1.5 million in a seed round led by Sinai Ventures with the participation of Live Nation, Techstars, and other live entertainment related funds. Blink Identity has created a fast, accurate, and user-first identity service for live entertainment venues, solving the bottleneck problem and creating a preferential experience for consumers and venue owners
  • July 2018: Western Union patents money transfer system using biometrics-based sender verification. Facial recognition systems can see the expansion into banking industry with the development of biometric verification for cryptocurrency exchange
  • July 2018: Seattle airport is the latest to trial facial recognition for flight boarding. Lufthansa has boarded nearly 350 passengers onto an Airbus A380, the largest model of passenger airliner in the world, at Seattle-Tacoma International Airport was a part of a pilot project in partnership with the U.S. Customs, and Border Protection (CBP)
Key Topics Covered
1. Introduction
1.1 Scope of Study
1.2 Executive Summary
2. Research Methodology
2.1 Study Deliverable
2.2 Study Assumptions
2.3 Research Methodology
2.4 Research Phases
3. Market Insights
3.1 Market Overview
3.2 Ecosystem Analysis
3.3 Industry Attractiveness - Porter's Five Forces Analysis
3.4 Technology Roadmap
4. Market Dynamics
4.1 Introduction
4.2 Drivers
4.2.1 Increased Need for Enhanced Surveillance and Monitoring at Public Places
4.2.2 Increasing adoption of multimodal biometric systems
4.2.3 High investment from Government to Improve Security
4.3 Restraints
4.3.1 High setup cost for Facial recognition system
5. Global Facial Recognition Market Segmentation
5.1 By Technology
5.1.1 2D Facial Recognition
5.1.2 3D Face Recognition
5.1.3 Facial Analytics
5.2 By Type
5.2.1 Software
5.2.2 Hardware
5.2.3 Services
5.3 By Application
5.3.1 Identity Management
5.3.2 Law Enforcement
5.3.3 Border Security
5.3.4 Photo Indexing and Sorting
5.3.5 Physical Security
5.3.6 Others
5.4 By End User
5.4.1 Government
5.4.2 Medical
5.4.3 Commercial
5.4.4 Defence
5.4.5 Others
5.5 By Region
5.5.1 North America
5.5.2 Europe
5.5.3 Asia Pacific
5.5.4 Middle East & Africa
5.5.5 Latin America
6. Competitive Intelligence - Company Profiles
6.1 214 Technologies Inc.
6.2 A1 Communications Korea
6.3 Advanced Biometrics
6.4 AmpleTrails
6.5 Animetrics
6.6 ARH INC.
6.7 Ayonix Corp.
6.8 Cognitec Systems GmbH
6.9 DERMALOG Identification Systems GmbH
6.10 Gemalto N.V.
6.11 IDEMIA
6.12 NEC Corporation
6.13 Princeton Identity
6.14 SeeTec GmbH
6.15 StoneLock Global Ltd.
6.16 SUPREMA
6.17 Techshino Technology
List not Exhaustive
7. Investment Analysis
8. Future of Facial Recognition Market
For more information about this report visit https://www.researchandmarkets.com/research/9rln6m/global_facial?w=4

Contacts

ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call 1-800-526-8630
For GMT Office Hours Call +353-1-416-8900
Related Topics: Biometrics

Friday, April 05, 2019

JS-sniffers, A Crime without punishment - A process Analysis

Crime without punishment: in-depth analysis of JS-sniffers
Group-IB experts, in addition to the previously 12 known JS-Sniffer families,  have discovered additional 26 different JS-sniffer families
According to the same group, the total daily number of visitors of all the infected sites exceeds 1.5 million people. That is a considerable number and that keeps growing, both number of customer and selling sites.
Obviously the target is stealing credit card information and those cards are sold underground. Selling compromised payment data cyber criminals can earn from $1 to $5 per card. That is not the only income in the chain, JS-sniffers can be bought or rented on underground forums, with their price ranging from $250 to $5,000.
These breaches known as Magecart commonly, are in the news a lot lately, and is an umbrella term given to different cyber criminal groups that are specialized in secretly implanting a special piece of code on compromised e-commerce sites with an intent to steal payment card details of their customers.
Magecart made headlines last year when cyber criminals breached a several high-profile e-commerce sites involving major companies like British Airways, Ticketmaster, and Newegg, The latest victim sites are bedding retailers MyPillow and Amerisleep.
Security firm Group-IB published a threat analysis report detailing the mentioned 38 different JS-Sniffer families that its researchers documented after analyzing 2440 infected e-commerce websites. You can find the Group-IB report here.

"This class of malware seemed to be a rather primitive threat to large players like banks and payment systems, since JS-sniffers were believed to target small online stores. Now, however, it is time to question that belief. When a site is infected, everyone is involved in the chain of victims — end users, payment systems, banks that issued compromised cards, and companies that sell their goods and services online.
The urgency of the problem is linked to its potentially huge audience (today, almost all of us use online stores). Group-IB Threat Intelligence specialists continuously monitor the appearance of new JS-sniffers and appeal to the cybersecurity community to take a closer look at this growing threat." Viktor Okorokov, A Threat Intelligence analyst

The Georgia Institute of Technology (Georgia Tech) exposes about 1.3 Million Institute's Personal Records via a Web Application.

Georgia Tech, The Georgia Institute of Technology, has notified the university community about a massive  data breach. The breach / data theft exposed personal information of 1.3 million current and former faculty members, students, staff and as well as student applicants.
The breach was discovered by the Application developers for the Institute when they noticed a significant performance impact in one of its web applications. The investigation discovered on March 21, 2019, the performance issue was the result of a security incident.
Georgia Tech has provided a portal the manage the breach but the information is lacking due to still ongoing investigation.

Visit the portal if you are or have been affiliated with the University.

Georgia Tech discovered that unauthorized access to a web application has exposed personal information for up to 1.3 million individuals, including current and former faculty, students, staff, and student applicants. The Institute’s cybersecurity team is working to determine the extent of the access and to identify the affected individuals.
The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech’s cybersecurity team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers, and birth dates.
Georgia Tech learned of the illegal access in late March and immediately took action to address the vulnerability. The Institute is committed to the privacy and security of its personal data and deeply regrets the potential impact on those affected.
The U.S. Department of Education and University System of Georgia (USG) have been notified. The Institute and USG hope to have more information soon, including how to determine who has been affected and next steps.
We continue to investigate the extent of the data exposure and will share more information as it becomes available. We apologize for the potential impact on the individuals affected and our larger community. We are reviewing our security practices and protocols and will make every effort to ensure that this does not happen again.

Thursday, April 04, 2019

NSA releases GHIDRA, The reverse engineering toolkit, Receives Positive Gestures From the Infosec Community.

Ghidra logo
After mentioning about the release of the tool,NSA today finally released the complete source code for GHIDRA, at the RSA conference. The GHIDRA version 9.0.2 source tree is now available on its Github repository. It is a Java-based reverse engineering framework that features a graphical user interface (GUI) and runs on various platforms including Windows, MacOSX, and Linux.
 The tool is ideal for software engineers, but will be especially useful for malware and security  analysts first and foremost. GHIDRA is the NSA's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications.
The existence of GHIDRA was first publicly revealed by WikiLeaks in CIA Vault 7 leaks,  and subsequently the agency promised to release the tool. Today the tool was publicly released  at the RSA conference. The tool might fill the gap between basic HEX tools and expensive commercial reverse engineering tools like IDA-Pro.