Reposted from Dark Reading

Cybercriminals are capitalizing on the spread of COVID-19 with new phishing emails that pretend to offer information about the virus or request money or data from concerned victims. 

The FBI Internet Crime Complaint Center (IC3) issued an alert late last week to warn people of fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other healthcare organizations, pretending to share information about the virus. Officials advise not to open attachments or click links in these emails, and to be wary of websites and apps that claim to track COVID-19 cases. Criminals are using such websites to infect and lock computers.

Some of these emails ask victims to verify personal data so they can receive an economic stimulus check from the government, the FBI says. It emphasizes that while these checks have been mentioned in the news cycle, government agencies are not sending out unsolicited emails asking for private information. Other phishing campaigns may mention charity contributions, airline carrier refunds, fake cures and vaccines, and fake COVID-19 testing kits, officials note.

People are also urged to be on alert for attackers selling products that aim to prevent or treat COVID-19, as well as counterfeit sanitizing products and personal protective equipment (PPE). More information on PPE can be found via the CDC, FDA, and EPA.

Read more details here.

See Original Post

Reposted from the Wall Street Journal

As millions of U.S. workers frantically pivoted to remote work last week, putting new strains on their computer networks, federal officials warned that hackers smelled blood.

But the fallout from coronavirus-related breaches may not become clear for weeks, months or even longer, experts say. The expected delay highlights how confusion from the pandemic has created long-term security risks that could eat up precious resources as the economy hurtles toward a recession.

“Very well-organized criminal organizations or nation-states—they can wait,” said Nicolas Fischbach, chief technology officer of Forcepoint LLC, a cybersecurity firm that specializes in data protection. “They get to more data. They can learn more about the environment.”

Overstretched IT teams might not be able to keep up with updating their networks, experts say, while nonessential businesses that have effectively closed shop could prove to be easy targets. Those challenges come as workers’ use of private devices and services give attackers ample opportunity to avoid employers’ detection tools.

The public and private sectors already have faced an array of threats. The Federal Bureau of Investigation warned of an uptick in phishing scams against businesses. The World Health Organization told Reuters that hackers targeted it with a malicious look-alike website. And the U.K.’s National Crime Agency confirmed to WSJ Pro Cybersecurity that it is investigating an alleged ransomware attack against Hammersmith Medicines Research Ltd., a drug-testing company that has carried out trials for the ebola vaccine and other treatments.

While some attackers use ransomware for an immediate payout, more sophisticated groups could use the upheaval to penetrate networks and quietly search for bank account numbers, trade secrets or personally identifiable information that is financially or politically valuable, Stephen Breidenbach, a cybersecurity and privacy lawyer at Moritt Hock & Hamroff LLP, said in an email.

“They’ll then start siphoning off those resources as inconspicuously as possible, or wait to hit all the assets in one fell swoop when the company is most vulnerable,” Mr. Breidenbach said, adding that attackers could lie dormant for years. “Some hackers even try to get money from the stock market using nonpublic information they acquire.”

The question is whether companies and governments can also play the long game. Widespread office closures over the past two weeks have overloaded some virtual private networks with remote workers, according to cybersecurity experts. Mr. Fischbach, of Forcepoint, said the most common question clients had last week was how to scale up VPNs to handle the surge in traffic.

Debbie Gordon, chief executive of Cloud Range Cyber LLC, which works with businesses to war-game cyberattacks, said IT teams will continue to be pulled between helping employees maintain productivity and aggressively policing potential breaches. That balancing act—let alone new security investments—might prove difficult for businesses tightening their budgets amid an economic slowdown.

“Their focus might not be on the proactive patching and maintenance of the networks as well,” Ms. Gordon said.

The Cybersecurity and Infrastructure Agency at the Department of Homeland Security has urged public- and private-sector workers to patch their systems, be on the lookout for abnormal activity and ensure machines have properly configured firewalls.

But the added wrinkle is that many remote workers may turn to their own computers, email and file-sharing accounts in a pinch, said Paul Martini, chief executive at iboss Inc., a cloud security firm. Often accessed through the public internet, those private tools increase the surface area for attacks and make successful data breaches more difficult for intrusion-detection tools and cybersecurity teams to see.

“My suspicion is we’re going to see a big uptick in terms of the amount of data on these public, information-sharing sites that shows up on the dark web,” Mr. Martini said.

See Original Post

Reposted from Cyberscoop

Coronavirus-themed scams show no signs of letting up as hackers have tried to breach mobile phone users in Italy and Spain, the two countries with the most deaths from the virus.

Attackers laced mobile apps with malware to try to steal data from, or otherwise compromise, Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps posed as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection.

“Because of the current situation, many [hacking] campaigns are either migrating to a COVID-19 theme or new campaigns are created with a COVID-19 theme,” said Lukas Stefanko, an Android security specialist at ESET.

The apps were available for download for a couple days, Stefanko said. It is unclear how many people downloaded them.  The malicious app targeting Spanish users is no longer available; it is unclear whether the Italian app still is.

It is a reminder of the cruel opportunism with which many cybercriminals approach the crisis. When people turn to their phones for information on the deadly virus, hackers see an opening.

As of this writing, the novel coronavirus had killed 7,503 people in Italy and 4,089 in Spain, according to Johns Hopkins University data. Hospitals have been overwhelmed with patients, forcing health care workers to erect makeshift facilities.

The malicious Android app targeting Spanish users is a banking trojan — code designed to steal financial information — that emerged last year. It was available on a third-party malicious website and not the authorized Google Play store, ESET said.

SoftMining, the Italian company that created the legitimate app for COVID-19 tracking, has warned users that “some hackers are sending counterfeit versions of our app in which they have injected malicious code.”

Stefanko doesn’t know who is behind the attempts to hack these particular users. The two campaigns do not appear to be related, he said.

The malicious activity is part of a broader surge in COVID-19-related fraud and phishing in recent weeks. Some are using attention on the Johns Hopkins COVID-19 map to distribute malware. U.S. Attorney General William Barr has vowed that prosecutors will crack down in response.

It’s not just criminals who are exploiting the crisis. Surveillance-minded hackers from Libya to China are also tailoring their activity to COVID-19 fears.

In response to the increased cyber activity, many security professionals are volunteering their time to protect medical organizations from hacking.

See Original Post

Reposted from Leadership Matters
by Joan Baldwin

This week I had “lunch” with my friend Franklin Vagnone, president of Winston Salem’s Old Salem Village in North Carolina. Frank had finished his first virtual (and emotionally draining) meeting at 8:00 am, so for him noon felt like late afternoon. As someone who was a museum leader in Philadelphia and then New York City through 9/11 and Hurricane Sandy, he’s not unfamiliar with leading in crisis. But like many museum leaders in the age of COVID-19, his Thursday began with planning for temporary layoffs for hourly staff. The layoffs are necessary because they allow staff to collect unemployment until the country emerges from the pandemic and Old Salem rights itself. Vagnone isn’t alone. Last week layoffs were announced by the Carnegie Museums in Pittsburgh, Seattle’s Science Center, and Philadelphia’s Franklin Institute, Science Center and Please Touch Museum, in addition to Colonial Williamsburg, San Francisco’s MOMA and undoubtedly many more. Sadly, the group most affected is the most vulnerable: part-time employees, many without benefits. As another friend put it, “Suddenly work is like trying to wash the dishes only the kitchen sink is missing and the water’s turned off.”

AAM’s President and CEO Laura Lott estimates that since the crisis began, museums collectively have lost $33 million a day. And whether planned or not, the museum world responded with 33,000 messages to Congress supporting AAM’s crisis request for $4 billion dollars, an amount which sent Fox and Friends into gales of laughter as if the arts weren’t a business, and a home-grown one at that. In the end, thanks to AAM’s tireless work, museums and arts organizations were included in the bill although not at levels that make them whole. You can find a full description here, including the full bill if you’re so inclined.

So what should you as a museum person, leader, or organization do?

As an individual: 

• • Take care of yourself and your loved ones.
  • Maintain social distancing. Wash your hands. COVID-19 dislikes soap and water.
  • If you’ve been laid off, don’t delay, apply for unemployment.
  • If you’re working from home, there are many sites to support you, Here are a few good articles from last week: The Muse; Museum 2.0; The Atlantic.
  • Stop looking at your screen. Take a walk. Do the reading you always meant to do, but put off.
  • Plan for the future. Try to imagine, what things you want to keep and nurture, and what things you’ll change in a post-COVID-19 world.

As leader of a team or a department:

• • Take care of your people. This will end, and re-hiring is costly. Protect staff in whatever way you can. If temporary layoffs while maintaining health insurance works for your museum, do it.
  • Make sure everyone–board members, staff and volunteers–has the tools to communicate. Help them learn to stay in touch.
  • Sort out communication methods that are most equitable. Offer tutorials to everyone, and encourage your team or department to talk with one another on a regular basis.
  • Treasure your IT and social media team and build bridges between them and your program.
  • Talk to your community, whether through email, Instagram or Facebook let them know you’re there.

As a Museum Leader:

• • Thank your Congressional representatives.
  • If you’re not an AAM member, join now. Its COVID-19 information is worth the individual membership if you can’t afford more. Ditto your regional museum service organization.
  • Take care of your people. This will end, and re-hiring is costly. Protect staff in whatever way you can. If temporary layoffs, while maintaining health insurance works for your museum, do it. Don’t let HR make decisions because that’s the way it’s always done. We moved out of the world we knew about two weeks ago.
  • Think about your organization’s virtual life. If you can create “A Minute with the Curator” or “A Walk with the Farm Horse” videos they may generate an audience that will outlive the virus. We’ve all watched Tim, the head of security at the National Cowboy Museum. Perhaps you have someone on your staff who’s equally charming and authentic, but never heard from.
  • If you have under 500 employees, you’re eligible for a small business loan to make payroll or pay health insurance.
  • Remember in the midst of the bleakness to have hope. I’ll close where I began with Frank’s video to his community.

See Original Post

Reposted from Forbes

With untold numbers of employees suddenly working from home, videoconferencing has promptly become the go-to method for running meetings and communicating with staff.

But if you’ve ever sat through a poorly-run videoconference meeting (and who among us hasn’t endured dozens of those), you know that simply purchasing the latest videoconferencing platform is not a panacea.

Fortunately, there are four simple techniques that you can implement today that will immediately improve your videoconferences.

Technique #1: Everyone Must Use Video

This might seem like an obvious point, but the majority of videoconferences have at least a few people who eschew video and only use audio. Unless there’s a serious technical glitch, you should require everyone on the call to activate their webcam.

When only a few people use video, it quickly erodes the team’s cohesion. Most of the folks who activated their video will be thinking “It’s not fair that Bob isn’t using video,” or “How come I have to be on video but Sally doesn’t?” or “I know Pat’s not really paying attention and that’s why they didn’t activate their webcam.”

When people are already stressed, and more likely to engage in negative thinking, those are not thoughts that you want to encourage on your team.

Technique #2: Everyone Must Use A Headset

Most people log into a videoconference with their laptop and simply use the computer’s built-in microphone and speaker. And while that’s certainly cheaper than buying an external headset, it makes for a painful videoconference.

If you’ve ever heard disruptive echoes, reverb or someone who sounds like they’re speaking in the middle of an airplane hangar, it’s often caused by two factors. First, the built-in microphones on most laptops and computers are low quality, especially compared to what you’ll find on even fairly inexpensive headsets and external microphones. In fact, if you have kids who play video games, it’s quite likely that they have better equipment than you do.

The second reason you hear those awful echoes or reverb is that when you’re using the internal microphone and speakers, you’re essentially on speakerphone. Thus you run the risk of your microphone picking up sound from your speakers, the speakers playing that sound back, which is again picked up by the microphone, and now you’ve got an infinite loop of annoying sound.

It’s possible that your laptop has an echo cancellation feature, but if you’re experiencing a high CPU load because you’ve got multiple applications running, that feature could be rendered ineffective.

Also, it’s much more difficult to interrupt someone when they’re essentially on a cheap speakerphone. So get everyone on your team using headsets, and you’ll immediately experience a big improvement in the quality of your videoconferences.

Technique #3: Pause Every Three Sentences When You’re Speaking

Apropos interruptions, even with headsets, it can sometimes be tough to hear when someone wants to cut in and ask a question or make a comment. Therefore you’ll need to instruct everyone on your team to pause for a few seconds after they speak (approximately) three sentences.

It’s shocking just how many people can speak uninterrupted for 5-10 minutes (if not more) on a videoconference. And when that happens, the other people on the call are virtually guaranteed to lose focus. And forget the question they wanted to ask. And even become seriously irritated.

It takes a little practice, but if you remind your team at the beginning of every videoconference, and model the behavior yourself, you’ll quickly see a marked improvement.

Technique #4: Have Clear Rules For Your Videoconference

More than 20,000 people have taken the free online test “Is Your Personality Suited To Working Remotely Or In The Office?” Respondents answer ten questions and receive results indicating whether their personality is better suited to working remotely or working in an office.

One of the questions asks people to choose between these two statements:

• I prefer not to be constrained by a set of rigid rules.
• I like having rules and clearly defined expectations.

The data shows that 43% of people like having rules and clearly defined expectations. So if your videoconference doesn’t have a clearly defined agenda with clearly defined blocks of time, a process for everyone to take turns speaking, and strict start and stop times, you risk running afoul of the desires of nearly half your team.

In a typical face-to-face meeting, you can afford to get a little sloppy and careless with your meeting structure; you’ll immediately see via everyone’s body language that things are going poorly and you can regroup quickly. But on a videoconference, the telltale signs of a meeting going poorly aren’t quite so obvious.

Even though a minute-by-minute agenda, or prescribed times for questions, might seem a bit much for a videoconference with your internal team, structure is a good antidote for stress. Structure provides a sense of clarity and calm, because it means there’s one less thing we have to stress about.

With your employees likely feeling all-time-high levels of stress, it’s a great idea for you to eliminate as many irritants and stressors as possible. And with an exponential increase in the number of leaders and employees conducting videoconferences, even small tweaks can deliver significant improvement.

See Original Post

Reposted from The Washington Post

A Van Gogh painting on loan to a small museum outside Amsterdam was announced as stolen on Monday — a date that also happened to mark Van Gogh's 167th birthday.

The painting — a relatively unknown canvas titled “The Spring Garden,” completed in 1884 — had been lent to the Singer Laren museum for a temporary exhibition by the Groninger Museum in the northern Netherlands.

The Singer Laren, which houses the collection of the American artist William Singer and his wife, Anna Singer, had been closed because of the coronavirus outbreak. Police are investigating the case and have not identified a suspect.

“I am extremely outraged that this happened,” Jan Rudolph de Lorm, the museum’s director, said at a news conference Monday. Evert van Os, the general manager of the Singer Laren, said museum personnel were “angry, shocked, and sad.”

Andreas Blühm, director of the Groninger, said his museum had lent “The Spring Garden,” its only painting by Van Gogh, to the Singer Laren two months ago. He declined to provide the painting’s value but said the canvas provided a rare glimpse into the artist’s early development.

“People often tend not to recognize the earlier paintings from this Dutch period, before he moved to Paris,” Blühm said, noting that the painting depicts the parish where Van Gogh’s father worked as a pastor. The garden the viewer sees is his father’s garden.

“It has a certain documentary and emotional value,” Blühm said. “It’s quite intimate.”

Although authorities have yet to provide many details about the case, Dutch art investigator Arthur Brand, whose research has led to the recovery of hundreds of artworks, said the case might turn out to fit a pattern of art theft in the Netherlands.

In June 1990, Brand said, three Van Gogh paintings — “The Sitting Farmer’s Wife,” “The Digging Farmer’s Wife” and “Wheels of the Water Mill in Gennep,” all from 1884 — were stolen from a similarly small Dutch museum, the Noordbrabants Museum in Den Bosch, a small city in the central Netherlands.

Those canvases ultimately turned up in the possession of Dutch drug lord Kees Houtman, who later attempted to use them, Brand said, as a bargaining chip to negotiate a shortened sentence with prosecutors. Houtman was killed in 2005.

In 1991, there was a failed heist at Amsterdam’s Van Gogh National Museum, from which gunmen stole 20 paintings early in the morning but then abandoned them at a nearby train station some 35 minutes later.

The same museum was targeted in 2002, when two other Van Gogh canvases — “View of the Sea at Scheveningen” (1882) and “Congregation Leaving the Reformed Church in Nuenen” (1882-1884) — were stolen. They turned up later in the possession of Italian mobster Raffaele Imperiale, who resides in Dubai, from which Italian authorities are seeking his extradition. Like Houtman, Imperiale ultimately attempted to use the return of the Van Gogh paintings in exchange for a shortened sentence for drug trafficking, to which he had confessed, albeit in absentia.

After Imperiale provided their whereabouts to authorities, the two stolen paintings were recovered in 2016 and later returned to the Van Gogh museum.

Both Brand and Blühm said they doubted that the Singer Laren museum’s coronavirus-related closure somehow facilitated the crime: The theft occurred early in the morning when the museum would have been closed even during a normal week, and all normal security protocols were in place.

“These guys were professionals. They did it in four or five minutes,” Brand said, referring to Monday’s heist. “They knew exactly what they were looking for — they went straight to this painting. It rang a bell.”

See Original Post

Reposed from The Indy Channel

Three teenagers were arrested Saturday after Columbus police received more than 50 reports of theft and vandalism.

According to information from the Columbus Police Department, three 16-year-olds were taken into custody Saturday afternoon. They are accused of stealing from vehicles and vandalizing property in downtown Columbus and on the northwest side of town.

Places and objects that were vandalized included a sculpture in front of the Cleo Rogers Memorial Library, vehicles, a funeral home, a church and a school, Columbus police said.

Anyone with information should call the Columbus Police Department at 812-376-2600.

See Original Post

Centers for Disease Control and Prevention COVID-19
For all the latest CDC updates:
https://www.cdc.gov/coronavirus/2019-ncov/index.html

Coronavirus COVID-19 Global Cases by Johns Hopkins CSSE
For a real time dash board of global cases:
https://gisanddata.maps.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6

Public Health Planning Guide
The Chicago Department of Public Health and others created a Public Health Planning Guide for Faith Communities. While the focus is on houses of worship here, the guide provides great information that can be applied to other sectors. 
https://www.wheaton.edu/media/humanitarian-disaster-institute/hdi-files/1314-252_DisasterPrepardnessCCDHP_UPDATED.pdf

Educational Materials and Signage Examples
From New York State Department of Health, you can find their examples of Seasonal Influenza Signage that you can modify to fit your institution's needs around Coronavirus. 
https://www.health.ny.gov/diseases/communicable/influenza/seasonal/educational_materials.htm

ASIS Webinar - Novel Coronavirus: Crisis Management and Pandemic Best Practices for the Security Professional
A panel from the GTPIIC Council reviews the current situation with the Coronavirus. They will provide information on the virus, the global response and an outlook on broader implications. The panel will also discuss what organizations are doing to minimize the threat and what security professionals need to consider. Learn More and Register

Reposted from CNN

A new internet icon has emerged and his name is Tim.

As the head of security at the National Cowboy & Western Heritage Museum in Oklahoma City, Tim takes his responsibility of protecting the museum and its collection seriously.

But with the museum closed to the public and other employees working from home to prevent the spread of the coronavirus, Tim was given an additional duty of managing the museum's social media accounts.

"I'm new to social media but excited to share what I am told is called 'content' on all of The Cowboy's what I am told are 'platforms' including the Twitter, the Facebook, and the Instagram," Tim wrote in his first post.

In Tim's "content" that he posts daily, he takes followers on a tour through the empty museum, showing off cool artifacts like the hat and eye patch John Wayne wore in "True Grit," the 1969 film in which Wayne won his only Academy Award for his portrayal of US Marshal Rooster Cogburn.

While definitely interesting, his followers seem to be getting a kick out of his posts for a completely different reason -- his dad jokes and wholesome attempts at figuring out social media.

From writing out "hashtag" to ending each post with "Thanks, Tim," he isn't what you'd call social media savvy, but that's why people are loving him.

"Tim has turned this twitter into a wholesome beacon in frightening times," one Twitter user commented.

"I love this man omg thank you for this wholesome content I'm staying inside for people like you #HashtagThanksTim," another commented.

Putting Tim in charge of the museum's social media was simply just a way to keep the public engaged while the museum was closed, said Seth Spillman, the museum's chief marketing and communications director.

Spillman said he never expected each post would be garnering thousands of likes from people around the world.

"What we found was an authentic voice for the Museum," Spillman said in a statement to CNN. "What we didn't anticipate was how much that voice would resonate with people during this difficult time. It's wonderful."

Let's just hope that once the coronavirus crisis ends, the museum will let Tim keep tweeting.

See Original Post

Reposted from FEMA

Up to date as of 3/22/20

Myth: There is a national lockdown and the entire country will be quarantined for two weeks.

Fact: There is no national lockdown.  As with all information online or shared via social media, it is important to verify the source of the information.  You can find the latest information as well as links to additional resources at www.coronavirus.gov.

Myth: FEMA has deployed military assets.

Fact: No, FEMA does not have military assets. Like all emergencies, response is most successful when it is locally executed, state managed and federally supported.  Each state’s governor is responsible for response activities in their state, to include establishing curfews, deploying the National Guard if needed and any other restrictions or safety measures they deem necessary for the health and welfare of their citizens.

Myth: I need to stockpile as many groceries and supplies as I can.

Fact: Please only buy what your family needs for a week.  It is important to remember that many families may be unable to buy a supply of food and water for weeks in advance. Consumer demand has recently been exceptionally high – especially for grocery, household cleaning, and some healthcare products. Freight flows are not disrupted, but stores need time to restock.

Myth: I heard that the government is sending $1,000 checks. How do I sign up?

Fact: The U.S. Government is not mailing checks in response to COVID-19 at this time. Anyone who tells you they can get you the money now is a scammer. It’s important that you only trust information coming from official sources. The Federal Trade Commission recently provided more information about this scam and other common COVID-19 related scams on their website.

Myth: Only those over 60 years of age and those with existing health problems are at risk from the Coronavirus.

Fact: It is an unfortunate rumor that only people over 60 years of age are at risk of getting this disease. According to the Centers for Disease Control (CDC), those at higher risk include older adults and people with serious chronic medical conditions. However, symptoms can range from mild to severe with and may have different complications for each individual. The CDC has a list of COVID-19 symptoms you may experience. Please continue to follow the official information from the CDC.

Click here for the most up to date information from FEMA