EU regulation on responsible mining will be ineffective


Amsterdam, 8 June 2017 — The EU regulation on mineral sourcing that comes into force today is a good but small first step. Additionally, due to its limited scope and delay in implementation, it will not be effective enough, says the GoodElectronics Network. The extraction and trade of minerals, including those that end up in our electronics, has been widely linked to serious human rights violations and environmental pollution.


Imperva Explains, Responds to NSA Document Leak Around US Elections


Russian Military Intelligence executed a cyber attack on at least one US voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

According to NSA documents sourced by The Intercept, the hack centered on a classic tactic, spear-phishing, to gain login credentials from an employee at an election system software vendor, which brings another classic tactic into play: the insider. As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.

The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”

Morgan Gerhart, vice president at Imperva, explains:

“The insider threat landscape usually breaks down into three pieces: malicious insiders, negligent insiders and compromised insiders. Malicious insiders are those disgruntled workers, who misuse their access to sensitive data for profit or simply for “revenge.” The most notorious example is Edward Snowden. In this case, the individual that leaked the NSA report to the media would be considered a malicious insider.

Negligent insiders jeopardise sensitive data by innocent mistakes or bad practices. These usually boil down to misconfigured servers (e.g., use of default or weak passwords), backups or test servers that contain sensitive information but are not protected like production servers, or simply taking your work home – for example saving corporate data on personal devices or cloud services.

Last, but not least, is the “classic” compromised insider, where hackers compromise insiders that have internal access to the network and assets (file servers, databases, applications, etc.). Once an attacker has access to internal resources, it’s only a matter of time before he gains access to sensitive data. It is unfortunate, but most organisations focus on securing their borders. The main problem with this is that there are no real borders to secure.

Another previous example of an insider attack would be the Wikileaks affair which involved Bradley Manning, an army private and U.S. intelligence analyst with Top Secret security clearance. Private Manning had “access to an unprecedented amount of material” and was convicted of leaking 251,287 classified cables. The files were stolen over time. One time Private Manning bragged to a friend saying he would “come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing.” He said that he had “unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months.”

Careless insiders are the most common of all but are, by far, not the most concerning ones. Misconfigured access control systems and misplaced data dumps are by far more dangerous, less common and much more difficult to recover from.

To mitigate the risk, corporations should ask themselves where their sensitive data lies, and invest in solutions that directly monitor who accesses it and how. According to reports, the leaker was identified because of strong audit trails of who accessed what. They can invest in solutions that help them pinpoint critical anomalies that indicate misuse of enterprise data stored in databases, file servers and cloud apps and that also help them to quickly quarantine risky users in order to proactively prevent and contain data breaches. This approach works across careless, compromised and malicious insiders.”

Novasano strengthens its operations with Finnish cyber security expertise


New American company Novasano located to Finland in order to access top quality cyber security expertise and an innovative R&D environment, with support from Invest in Finland. Novasano is currently hiring IT professionals in Tampere and Oulu. Novasano operates across the IT and health sectors, turning the challenges of the Internet of Things into opportunities.



Imperva CounterBreach 2.0 Introduces New Machine Learning Algorithm to Protect Data Against Insider Threats

Addresses permissions management failings in knowledge-driven work environments

LONDON, UK.–Imperva, Inc. (NASDAQ: IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced CounterBreach 2.0 with a new algorithm to automatically place individuals and their cross-functional peers into “virtual” working groups based on interactions with enterprise files in order to identify unusual user access patterns. This new Dynamic Peer Group Analysis algorithm proves an intelligent approach to permissions management that helps protect data against insider threats.


Autotalks Launches Bike-to-Vehicle (B2V) Technology to Prevent Motorcycle Accidents

June 6, 2017, Kfar Netter, Israel – Autotalks, the world leader in V2X (Vehicle-to-Everything) communication solutions, is launching its bike-to-vehicle (B2V) solution, a technology for the prevention of motorcycle accidents. The solution is based on the B2X (Bike-to-Everything) chipset developed by the Israeli company.


Ucore Enters Development MOU


June 5, 2017 – HALIFAX, NOVA SCOTIA – Ucore Rare Metals Inc. (TSXV:UCU) (OTCQX:UURAF) (“Ucore” or the “Company”) is pleased to announce that it has executed a Memorandum of Understanding (“MOU”) with Commerce Resources Corp. (TSXV:CCE) (OTC:CMRZF) (“Commerce”) for the purpose of integrating feedstock from Commerce’s Ashram Project in Quebec (the “Ashram Project”) with Ucore’s recently announced rare earth separation facility and Strategic Metals Complex (“SMC”).
