Tuesday, August 18, 2020

Remote work is changing how productivity is measured

RedCurl cybercrime group has hacked companies for three years

New stealthy Russian-speaking hacker group discovered.

Remote work is changing how productivity is measured - FastCompany: “In March 2020, the largest “work-from-home” experiment in history began. The moment entire companies moved their workforces remote, business owners and employees alike both started to realize new realities about their jobs. For years, people had been told, “It’s essential for you to be in the office,” only to suddenly realize that being in the office wasn’t so essential after all.

 Zoom calls easily replaced dozens of weekly in-person meetings. Manual tasks such as filling out paperwork suddenly couldn’t be performed the same way, forcing companies to accelerate their digital transformation efforts. Processes that seemed to work fine in a physical office space suddenly showed how dated and inefficient they were. And every executive or manager’s fears of remote employees doing nothing but watching Netflix and playing Xbox all day at home instead of working were eased. Companies all over the world have realized that working from home is not only more efficient but more suitable for the wants and needs of today’s workers. According to one company interviewed by Forbes, as well as research by Harvard Business Review, working from home boosts company-wide productivity—it doesn’t squander it…”

How to avoid a spear-phishing attack - 4 tips to keep you safe from timeless scams. “The hacker’s message is urgent and aimed directly at you. We’ll teach you how to keep from getting duped…Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an “urgent” message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate…”

– Pete Recommends – Weekly highlights on cyber security issues, August 15, 2020 – Privacy and security issues impact every aspect of our lives – home, work, travel, education, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly complex and wide ranging ways technology is used to compromise and diminish our privacy and security, often without our situational awareness. Four highlights from this week: DHS acting secretary, top deputy were appointed illegally; Strengthening Privacy Protections in COVID-19 Mobile Phone–Enhanced Surveillance Programs; U.S. Postal Service Counters Trump Attacks On Mail-In Voting With A New Blockchain Patent; and Data Security & Privacy Gaps in Video Doorbells.

Subject: Report: Two new encryption standards will soon sweep away security controls
Source: TechRepublic
Security professionals must act before TLS 1.3 and DNS-over-HTTPS (DoH) are implemented or they won’t be able to analyze network traffic and detect cyberthreats, warns Forrester Research. Transport layer security (TLS) and DNS, two of the foundational protocols of the internet, have recently undergone radical changes to protect browser user privacy. At the same time, they will reduce security on-premises in the short term, and security professionals must put tools in place in the next couple of years, a new report from Forrester Researchstates.”While [the protocols] hide user activity from the searching eyes of nation-states and ISPs, they also hide valuable metadata from enterprise network inspection tools,” according to Forrester Research’s senior analyst, David Homes. “As these changes gain momentum, security monitoring tools will be blinded to the contents and destination of traffic and unable to detect threats. The network will be darker than it’s ever been.”

Privacy activists have gone up against the government surveillance community advocating for encryption and have been working within the Internet Engineering Task Force (IETF) to provide countermeasures against eavesdropping and data collection, Holmes wrote. The latest version, TLS 1.3, and encryption of the domain name system are the results of their most recent efforts…