Friday November 30 is International Computer Security Day (ICSD)

Until very recently, I did not know there was an “International Computer Security Day”. The last time I was googling for subjects for my blog, I came across the news that “November 30 is International Computer Security Day”. As I searched for more info, I came across multiple websites that reported on this matter. According to these websites, the main aim of “International Computer Security Day” is “to raise awareness and remind society about the importance of protecting both company and personal computer resources in order to prevent the misuse of financial and personal data, and even identity theft.”

There is a lot of interesting information about this day and about how to protect ourselves and our assets from cyber-criminal activities.

If you are interested in knowing more about this special day in computer security and how it was celebrated last Friday, November 30, 2019, please visit the following website.

The energy industry practices for a ‘black swan’ cyberattack that could take down the grid

A major exercise whose goal was to test the cyber and physical security of North America’s grid has enabled the energy industry and governments to review and improve incident response plans and collaboration.

The grid security exercise, GridEx V, was organized last week by the North American Electric Reliability Corporation (NERC) and it was hosted by its Electricity Information Sharing and Analysis Center (E‑ISAC).

According to NERC, over 6,500 participants representing more than 425 government and energy sector organizations in the United States, Canada and Mexico took part in the two-day exercise. In comparison, representatives of 370 organizations took part in the previous GridEx, which took place in 2017.

More information is available at:

https://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEx.aspx

https://www.cnbc.com/2019/11/16/energy-sector-practices-for-a-black-swan-cyberattack.html

Britain’s Labour Party hit with 2 cyberattacks within 24 hours

Monday’s cyberattack against Britain’s Labour Party was repeated yesterday. Again, it was an “unsophisticated” distributed denial-of-service incident, easily mitigated, Computing reports, by Cloudflare. Nothing special, apparently: just the normal skid background noise. Reuters says the Conservative Party sustained its own DDoS attack yesterday. While sources suggest this attack came from a different actor, this incident also looks unsophisticated and minor: a Tory spokeswoman when asked about it said she was unaware of the attack. – See more at: https://www.washingtonpost.com/business/2019/11/12/uks-labour-party-hit-with-large-scale-cyberattack-weeks-before-general-election/

US and Taiwan hold first joint cyber-war exercise

Like any other type of warfare, cyberwarfare can be simulated and exercised by nation states. According to a BBC report, the US and Taiwan have held their first joint cyber-war exercise. This is very interesting news given that Taiwan is right next to China and China has a lot of claims against Taiwan; hence, such exercises could be taken as preparation for cyber warfare. China always opposes joint military exercises that involve the US military, and it would not be surprising if China voiced its opposition to this joint cyber-war exercise. If you would like to know more, please visit the following website.

https://www.bbc.com/news/technology-50289974#

Cyber Attacks Hit the City of Johannesburg and South African Banks

South Africa was attacked by cyber criminals. Several South African institutions were attacked. The services of the City of Johannesburg were completely taken down and a ransom was demanded. The hackers were demanding a ransom of four Bitcoins, which equals about R500,000 South African Rand or $37,000 USD. If you want to see the details, please visit the following website.

Read more at: https://www.thesslstore.com/blog/cyber-attacks-hit-the-city-of-johannesburg-and-south-african-banks/

Democrats offer Cybersecurity bill for ‘internet of things’

Democratic lawmakers want to put a regulatory framework in place for IoT. Since we are going to have billions of IoT devices in our homes, cars or pockets within the coming years, and these devices will have significant influence on our daily lives, according to some Democratic lawmakers, we need to have laws that regulate them. That is why, according to some reports, the Cyber Shield Act, sponsored by Sen. Ed Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.), has been offered. If you want to read more, please visit the next websites.

Democrats offer cybersecurity bill for ‘internet of things’

Apple, Angry at Google, Hits Back at Hack Claims

Last week, when Google published its research in which it claimed that attackers, probably state actors, launched an ‘indiscriminate iPhone attack lasting years’, most people were shocked and could not wait to see how Apple would react to such negative news. This week, Apple came out with its own story, and it seems Apple executives are angry at Google’s publication. Apple denies that there were any such “indiscriminate” attacks against iPhone users. Apple issued a press release which reads:

“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised”  

The point of disagreement is not whether iPhone users were targeted or not. Both Google and Apple agree on this point. They also seem to agree on who the likely perpetrator could be. It is possible to infer from their publications that China is the culpable party. The point of disagreement is the scope and the target of the attack. Google believes that the attack targeted all iPhone users indiscriminately. Apple disagrees with Google on this claim. Rather, Apple believes the scope of the attack was much narrower and that it specifically targeted the Uighur community, which has been severely persecuted by China because of its ethnic and religious background.

If you want to see more details, please visit the following websites.

https://www.bbc.com/news/technology-49520355

https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

FBI investigating if attempted 2018 voting app hack was linked to Michigan college course

Could the news that scared millions during the 2018 midterm election have been an attempt by students to research security vulnerabilities? The FBI is asking the same question, according to a CNN report. According to this news, there is an election security course at the University of Michigan, and the FBI is investigating whether the students of this course made the attempt.

Whether or not a student attempted the security breach, taking such a class is very important for any student of information security. CNN reports that this course is designed to examine the security of current and proposed mobile voting technology in the USA. There are also clear instructions from the University not to meddle in existing election infrastructure. The question would be: if there are such instructions, why would any student go against them and try to hack into the election system at the time of the midterm election? We will find out, if, as reported, the FBI is investigating the incident in connection with the course given at the University of Michigan.

More information is available at: https://edition.cnn.com/2019/10/04/politics/fbi-voting-app-hack-investigation/index.html

Dunkin’ Sued for Cyberattacks Resulting in Tens of Thousands of Dollars Stolen

Dunkin’ Donuts, an American coffee and donuts company, is being sued by the New York Attorney General for failing to duly notify its customers of the fact that cyber-criminals targeted and hacked their accounts. According to this news, in 2015, hackers were able to get access to over 20,000 Dunkin’ Donuts customers’ accounts and stole tens of thousands of dollars within a few months. The customers stored their money on Dunkin’ value cards through Dunkin’s website and mobile apps. The Attorney General claimed that even though Dunkin’ knew about the attack, it neither notified its customers so they could protect their accounts nor took any measure to protect its customers’ accounts from further attacks.

This news is interesting on so many levels. First, it shows how some organizations are willing to trade off the financial loss of their customers to protect their “good name” in the market. Second, it also shows the legal responsibility corporations bear for doing nothing to protect or secure their customers’ accounts. In other words, it shows that it is the responsibility of organizations to protect their customers’ information. The lesson is that if they fail to do so, they will be held responsible for the financial losses their customers have suffered. You may find the details of the news on this website: https://www.cnbc.com/2019/09/26/dunkin-sued-for-cyberattacks-resulting-in-tens-of-thousands-of-dollars-stolen.html