Facebook Struggles to Address Violent Videos, Live-Streamed Crimes

“Social media companies need to think very carefully about what next steps they’re going to take,” said Malkia Cyril, executive director for the Center for Media Justice. “It’s a fine line to walk between maintaining safety and maintaining freedom of speech.”

Read full story at Government Technology.


United States
Date published: April 20, 2017

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Air Mozilla: American Spies: Modern Surveillance and What We Can Do Speaker: Jennifer Granick

April 26, 2017 10:00 am
Intelligence agencies in the U.S. (aka the American Spies) are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance.
Because surveillance law has fallen behind surveillance technology, the U.S. government has unprecedented new powers. At our April Speaker Series, Jennifer Granick will address how Cold War programs led by J. Edgar Hoover and initiatives sparked by the September 11, 2001 tragedy have led us to today’s fusion centers and mosque infiltrators. She will also show how our current state of mass surveillance is fundamentally incompatible with a healthy democracy.
A teacher, practitioner and expert in surveillance and security law, Granick will share how the reality of modern surveillance in the U.S. differs from popular understanding, and what U.S. – and global – citizens can do to minimize its negative impact both for Americans and non-Americans around the world.
Log into this virtual conference. More information can be found at Mozilla
SFO Commons

Source: Cyber Law

Source: Privacy Online

Source: Zologic

TEDx Stanford – Seize the Moment: Jennifer Granick

April 23, 2017 4:00 pm

CIS Director of Civil Liberties Jennifer Granick will talk about the ideas in her book American Spies with other panelists at the TEDx Stanford Seize the Moment Session. 

View full TEDx Stanford program

More info about Jennifer Granick

CEMEX Auditorium – Stanford GSB

641 Knight Way

Stanford, CA


Source: Cyber Law

Source: Privacy Online

Source: Zologic

Threatstream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues to lead the way with its powerful big data SIEM capabilities inside its Enterprise Security App.

Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful way to integrate Threatstream capabilities within the Enterprise Security workflow using the Adaptive Response framework.

An Introduction to Adaptive Response


Splunk’s Adaptive Response enables security analysts—from hunters to less skilled security staff—to better handle threats. The Adaptive Response Framework resides within Splunk Enterprise Security (ES) and optimizes threat detection and remediation using workflow-based context. Having spent years working with all layers of security teams, I like to think of Adaptive Response as the “security nerve center” to bridge intelligence from multiple security domains, including threat intelligence.

One of the key parts of the Adaptive Response framework is the ability for analysts to automate actions or individually review response actions to quickly gather more context and take appropriate actions across their multi-vendor environment. For an increasing number of people this means comparing security data against threat feeds, or threat intelligence sources like Threatstream.

Anomali Threatstream Splunk App

Introducing Adaptive Response Integration

The Anomali Threatstream Splunk App already lets users download millions of IOCs directly into Splunk to cross-reference against security data, providing dashboards and alerts for analysis. The app now supports the Adaptive Response action framework, providing seamless integration with Enterprise Security.

Familiar workflows

An analyst will likely start an investigation once a notable event has been triggered in Splunk’s Enterprise Security. At this point they want to add as much context as possible to the notable event, or security incident, in order to complete their investigation as quickly and accurately as possible. One way to do this is to compare the raw events that triggered the notable event against the Threatstream IOC database. For example, an analyst might want to look up the suspicious destination of an event that triggered the notable event in ES, to validate whether it should be of concern.

Perform actions inside Enterprise Security

Within the Enterprise Security Incident Review dashboard an analyst can choose to run an “Adaptive Response Action”, in this case “Analyze with Threatstream”. They can then select as many fields in the raw events as they want to analyse against Threatstream IOCs. When the analyst runs the action, a Threat Bulletin is created within Threatstream and is visible in the Threatstream platform.

Bi-directional sync

The Threat Bulletin created will contain all incident data and comments from the notable event in Splunk, including the raw event data that triggered the notable event in the first place. Millions of IOCs in the Threatstream database are automatically matched against the raw data of the notable event stored in the Threat Bulletin to identify matches.

When matches are found they can be examined and triaged in the Threatstream user interface. Users can approve malicious indicators and reject those found to be benign. This threat intelligence, including full information about each IOC matched to a notable event, can then be pushed back down to your security tools, including back into Splunk using Threatstream Link, to continue any investigation.

tl;dr – Anomali Threatstream App for Splunk Key features

  • Seamless integration with Enterprise Security Incident Review workflow
  • Bi-directional flow of threat intelligence data for additional enrichment, correlation and analysis
  • Automated IOC matching and customizable alerting against your security data in Splunk
  • Dashboards detailing event data associated with IOCs allowing you to pivot on severity, type, classification, time…
  • Access to weekly Anomali Threat Intelligence briefings

Download the app now

Source: Honeypot Tech

Raspberry Pi Resources: coding for all ages

Following a conversation in the Pi Towers kitchen about introducing coding to a slightly older demographic, we sent our Events Assistant Olivia on a mission to teach her mum how to code. Here she is with her findings.

“I can’t code – I’m too old! I don’t have a young person to help me!”

I’ve heard this complaint many times, but here’s the thing: there are Raspberry Pi resources for all ages and abilities! I decided to put the minds of newbie coders at rest, and prove that you can get started with coding whatever your age or experience. For this task, I needed a little help. Here, proudly starring in her first Raspberry Pi blog, is my mum, Helen Robinson.

Helen looks at the learning resource.

My mum is great, but she’s not the most tech-savvy person. She had never attempted any coding before this challenge.

Coding spinning flowers

To prove how easy it is to follow Raspberry Pi resources, I set her the challenge of completing the Spinning Flower Wheel project. She started by reading the Getting Started leaflet that we use on the Raspberry Pi stand at events such as Bett or Maker Faire. You can find the resource here, or watch Carrie Anne talk you through the project here.

She then made her flower pot (which admittedly is more of a heart pot, as I only had heart stickers).

Helen and her flower pot

My mum, with her love-ly heart pot.

She followed the resource to write her code in Python. Then, for the moment of truth, she pressed run. Her reaction was priceless.

Olivia’s mum makes a motor work

Uploaded by Raspberry Pi on 2017-04-19.

She continued coding. She changed the speed of the wheel and added a button to start it spinning. Finally, she was able to add her flower heart pot to the wheel.

Olivia’s mum completes the spinning flower resource

Uploaded by Raspberry Pi on 2017-04-19.

Here’s to you, Mrs. Robinson

Although I sat with her throughout the build, I merely took photos while she did all the work. I’m proud to say that she completed the project all by herself – without help from me, or from “a young person”. I just made the tea!

We had so much fun completing the resource, and we would encourage all those curious about coding to give it a go. If my mum managed to do it – and enjoy it – anyone can!

The post Raspberry Pi Resources: coding for all ages appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

Hak5 2206 – Hacking Hotel WiFi – Hack Across the Planet

Sniffing open WiFi for unencrypted HTTP GET traffic reveals a captive portal privacy concern – this time on Hak5!

Sign up at https://hackacrosstheplanet.com


Source: Security news

Source: Zologic

Now Available: Outdoor Ruggedized AP322 Access Point

WatchGuard’s AP322 brings secure Wi-Fi to the outdoors!  Its rugged, IP67-rated enclosure protects the access point from the wind, rain and cold weather, while 6 integrated antennas operate with 3 spatial streams per radio (3×3 MIMO) to deliver broad, fast, and reliable Wi-Fi coverage – making the AP322 ideal for stadiums and sports fields, schools/universities, malls, parks, hotel pool areas and open air cafes, shipping docks, warehouses and other harsh or outdoor locations. 

Key Specifications

  • Up to 450 Mbps for 2.4 GHz 
  • Up to 1.3 Gbps for 5 GHz 
  • 802.11ac Wave1 support
  • 3×3 MIMO with three spatial streams per radio
  • IP67 compliant exterior to withstand outdoor weather conditions
  • Six integrated omnidirectional antennas
  • Two Gigabit Ethernet ports
  • PoE+ powered and fully operational
  • Vertical wall or pole mounting kits included

Management Options
The AP322, like all of our new generation access points, can be managed by either WatchGuard’s Wi-Fi Cloud platform or the Gateway Wireless Controller (GWC) found inside of every Firebox appliance. 


Firebox-Managed (GWC)
Ease into Wi-Fi with a lightweight Wi-Fi access feature set and when ready, the AP322 can be upgraded with a Wi-Fi Cloud subscription to enable all these cool features:

Wireless Intrusion Prevention System (WIPS)
Where other Wi-Fi platforms have tried and failed, use Wi-Fi Cloud’s patented WIPS to defend your airspace from Wi-Fi hacking without the risk of accidentally shutting down your neighbor’s Wi-Fi and running into legal trouble.

Location Analytics
Bridge the gap between online businesses and the physical, brick-and-mortar.  Empower business owners and sales and marketing teams with location-based data on metrics such as dwell times, new vs. repeat visitors, and demographics on gender and age.

Captive Portals
Provide unique experiences for guests and customers and turn Wi-Fi into a key marketing tool that transforms visits into customer touchpoints, increases fans on social networks, and allows for continued engagement after people leave.

Cloud Scalability
Easily scale from one to an unlimited number of APs across multiple locations without worrying about the hardware limitations of legacy controller infrastructure. APs can be grouped in many ways including location, buildings and floors, for easy management and policy configuration.

If you want to learn more, visit www.watchguard.com/wifi

Source: WatchGuard

A Murder Posted on Facebook Prompts Outrage and Questions Over Responsibility

“Any of these platforms — especially live ones — encourages users to perform,” said Elizabeth Joh, a law professor at the University of California, Davis. “Should Facebook have a duty to rescue a crime victim? Should we, or is it O.K. for thousands or millions of people to watch a crime unfold without doing anything except sharing it?”

Read the full story at The New York Times


United States
Date published: April 17, 2017

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Webinar on Cybersecurity and its impact on EU-US ICT collaboration

The EU-funded PICASSO project is organising a webinar to discuss and refine policy recommendations designed to improve EU-US ICT-oriented collaborations – specifically in three technological domains: 5G networks; Big Data; and the Internet of Things/Cyber-physical systems (IoT/CPS). Focus is set on the implications of technological developments for cybersecurity policy, taking into account the different approaches being taken in the USA and in Europe, the technical and socio-economic backgrounds and new developments likely to affect the security and vulnerability of ICT systems.
Source: Cybersecurity and digital privacy newsletter

Source: Privacy Online

Source: Zologic

Why Brand Monitoring is a Security Issue – Typosquatting

Corporate brands are generally thought of as intangible objects that carry the company’s image and reputation. However, your brand is very tangible in the eyes of attackers and can absolutely be targeted and damaged with cyber threats. To prevent such damage, companies can engage in “brand monitoring”. More specifically, this means searching for typosquatting and compromised credentials. While different in intent and practice, both tactics rely on human behaviors to achieve their goals. Such attacks are difficult to detect because the damage can occur outside of a company’s domain, and difficult to prevent because they involve a change in habit rather than corporate policy. In the first part of this series we’ll explore what typosquatting is, why it matters, and what courses of action a company can take to effectively protect their brand.


Typosquatting (also known as URL hijacking) is the practice of malicious third parties registering domains that are similar to legitimate corporate domains. The motives for registering a similar domain are numerous, but all are guaranteed to have a nefarious intent. With a deceptive domain typosquatters have the potential to:

  • Orchestrate phishing schemes to collect customer credentials
  • Install malware onto visitor devices
  • Coerce the targeted company into buying the domain
  • Redirect traffic to competing or malicious sites
  • Embarrass the company by displaying inappropriate messaging

The exact variation of the domain will depend on the adversary’s intent. There are two general options: register a domain that looks visually similar, or register a domain that looks credible. True to the “typo” part of typosquatting, visually similar domains consist of slight misspellings of either the root domain or the country-code top-level domain. Potentially credible domains will instead add keywords that viewers won’t find suspicious. For example, malicious variations of the domains “anomalibank.com” and “domain.com” might look like:

Malicious Domain Variations

Such domains might seem obviously fake when examined with scrutiny, but even these examples could be surprisingly effective. Malicious actors know that the most effective attacks are those based on human predispositions, some of which are to be trusting of visual cues and inattentive in routine situations. If a webpage and its domain look similar enough to what an individual is accustomed to then it is unlikely to raise any red flags.

To investigate the widespread use of malicious domains, the Anomali Labs Team released a report on the Financial Times Stock Exchange 100 (FTSE 100 Index). The team examined the FTSE 100 companies over a period of three months and found that 81 of the 100 companies had potentially malicious domain registrations against them. A total of 527 malicious domains were detected.

Industries with the highest instances of domain name compromise

What to do About Typosquatting

So what can companies do in response to such a frequent and effective attack? As always, educating employees on the possibility of false domains is critical. Companies can also take large-scale measures to ensure that their brand is protected.

For one, organizations can purchase any domains similar to, or affiliated with, their own. Think of any large company and it’s likely that they currently own “theircompanyname”sucks.com. This is a time-consuming endeavor, but ultimately worthwhile as it prevents malicious actors from forcing them into buying the domain or using it to garner negative publicity.

Unfortunately, many companies are unable to anticipate which domains might be used against them, and the creativity of malicious actors in dreaming up confusing or damaging domains seems unlimited. Or they are simply too slow on the draw and those domains have already been registered. In this case organizations can work with any number of third-party services to issue takedown notices. Companies like Verizon, Lufthansa, and Lego are known to aggressively chase down typosquatters, with Lego having spent upwards of $500,000 to get malicious domains taken down.

Companies can also block any known malicious domains in their proxies or email security products, which protects employees from phishing scams. In this case the malicious domain might not be their own – it could relate to any and all known phishing sites. If such a domain is found, organizations may wish to triage the registrant information to see if there are other associated domains targeting the company.

One of the more effective tools for researching and monitoring malicious typosquatting is a Threat Intelligence Platform (TIP). The ThreatStream platform from Anomali provides users the ability to define base domains – the platform will monitor existing and newly registered domains and flag any similarities. The tool also provides the ability to define more complex pattern detection via Regular Expression matching. A machine learning algorithm is used to make the search for new domain registrations more sophisticated, and those found are added to individual customer threat bulletins. The Anomali Labs team also provides a feed of domains registered by disposable domains that customers can access.
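The two variation types described earlier (visually similar versus credible keyword) and the idea of flagging newly registered domains that resemble a base domain can be sketched as a small checker. This is an added example, not Anomali's code or ThreatStream's algorithm; the substitution table, keyword list, distance threshold and sample domains are assumptions constructed for illustration.

```python
import re

# Assumed look-alike substitutions folded before comparison (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI_CHAR = (("rn", "m"), ("vv", "w"))
# Assumed "credible" keywords an impostor might attach to the brand.
KEYWORDS = {"login", "secure", "support", "online", "account", "verify"}

def split_domain(domain):
    """Return (label, tld); the sample data uses single-label TLDs only."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) > 1 else (parts[0], "")

def skeleton(label):
    """Fold visually confusable characters to one canonical form."""
    label = label.translate(CONFUSABLES)
    for seq, repl in MULTI_CHAR:
        label = label.replace(seq, repl)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, base):
    """Return why candidate resembles base, or None if it does not."""
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(base)
    if (c_label, c_tld) == (b_label, b_tld):
        return None                      # the legitimate domain itself
    if c_label == b_label:
        return "tld-variation"           # same name under another TLD
    if skeleton(c_label) == skeleton(b_label):
        return "homoglyph"
    if osa_distance(c_label, b_label) <= 1:  # assumed threshold
        return "misspelling"
    rest = re.sub(r"[-_]", "", c_label.replace(b_label, "", 1))
    if b_label in c_label and rest in KEYWORDS:
        return "keyword"
    return None

def review(new_domains, base):
    """Map each flagged newly observed domain to the reason it was flagged."""
    hits = {}
    for domain in new_domains:
        reason = classify(domain, base)
        if reason:
            hits[domain] = reason
    return hits

# Constructed sample of newly registered domains (not real observations).
SAMPLE = ["anomalibank.com", "anoma1ibank.com", "anornalibank.com",
          "anomalibnak.com", "anomalibank.co", "anomalibank-login.com",
          "secure-anomalibank.com", "weatherreport.com"]
```

Flagged names are candidates for analyst review, not verdicts: a short base label or a one-character threshold will also match unrelated legitimate domains.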

Once a malicious domain is identified, users can then attempt to identify the country of origin, other domains the registrant has created, and all IPs associated with the domain. This allows companies not only to investigate suspicious domains, but also to predict a potential attack vector. For example, with the right tools you can discover that a typosquatted domain belongs to an actor who has registered other malicious domains, uses a specific set of IP addresses, and is known to utilize a particular type of attack (phishing, malware, etc.). With this information you can then apply appropriate firewall, SIEM, endpoint, IDS/IPS, etc. rules to block and/or monitor for suspicious activity.

Bad domain monitoring

Taking brand monitoring a step further, organizations should also scan the Dark Web for mentions of corporate domains. Anomali automates this type of scanning and keyword matching and will also scan the Dark Web for internal project names (yes, like the ones you’d hear in movies), mentions of executive names or emails, and the company’s public IP ranges.

Concluding Summary

Malicious actors do damage to a company’s reputation and steal data by typosquatting. This tactic relies on predictable human behaviors, and is best mitigated through education, research, and tighter regulations. A Threat Intelligence Platform can simplify the process, and ultimately protect employees, customers, and brands.

Similar reports to the FTSE 100 were conducted for the DAX 100 and OMX 30.

Source: Honeypot Tech