Reposted from the Evening Standard

A £1 million painting stolen six years ago has been returned to its owners after it was discovered under a drug dealer's bed.

The work, by Sir Stanley Spencer and titled Cookham from Englefield, was taken from the Stanley Spencer Gallery, Berkshire, in 2012.

Its whereabouts remained a mystery until police arrested Harry Fisher, 28, in June last year after finding a kilogram of cocaine and £30,000 in cash in his Mercedes.

Officers discovered the artwork under a bed next to three kilograms of cocaine and 15,000 ecstasy tablets when they searched his flat in Kingston-upon-Thames, west London.

A further raid on his family home in Fulham found more Class A drugs, making a total street value of £450,000, and £40,000 in cash.

Fisher was jailed for eight years and eight months at Kingston Crown Court in October, having pleaded guilty to conspiracy to supply Class A drugs, acquiring criminal property and handling stolen goods, Scotland Yard said.

His passenger at the time of arrest, Zak Lal, 32, of Rochester, Kent, was jailed for five years and eight months after admitting conspiracy to supply Class A drugs, acquiring criminal property and possession of an offensive weapon, police said.

The Department for Digital, Culture, Media and Sport (DCMS) said the painting's owners, who were "devastated" at the loss, were finally reunited with the artwork last month.

Arts Minister Michael Ellis said: "Spencer is one our most renowned painters and a true great of the 20th century. It is wonderful that this story has had a happy ending and the painting has been returned to its rightful owners."

Detective Constable Sophie Hayes, of the Metropolitan Police's art and antiques unit, said: "The art and antiques unit was delighted to assist with the recovery and return of this important painting.

"The circumstances of its recovery underline the links between cultural heritage crime and wider criminality.

"The fact that the painting was stolen five years before it was recovered did not hinder a prosecution for handling stolen goods, demonstrating the Met will pursue these matters wherever possible, no matter how much time has elapsed."

Described by the Stanley Spencer Gallery gallery as one of "our greatest British artists", Sir Stanley often used the Berkshire village of Cookham as inspiration for his work during a 45-year career.

He died in 1959.

See Original Post

Reposted from WAVE3 News

After a three alarm fire on Wednesday, clean up crews continued to repair damage at the Kentucky Center on Thursday.

The main issue inside of the building was water damage in the lobby, according to Kentucky Center spokesman Christian Adelberg.

Kim Baker, President of the Center, says the theaters were not affected like the lobby, just some water seeped under the doors. 

It's the water damage in the lobby that has caused some concern over the $18 million worth of art located there.

Adelberg said the pieces were already covered to protect them during the ceiling work.

Baker says the only piece they are worried about is the “The Coloured Gates of Louisville” by John Chamberlain. The piece took on some extensive water damage on the wall of the Bomhard theater. To protect the rest of the art from fluctuating temperatures as the building dries out, the center enlisted the help of the Speed Art Museum.

Most of the performances scheduled for this weekend have been relocated. 

Right now, the box office is closed to the public but tickets still available online.

The Broadway hit musical, Waitress, was scheduled for June 26. Broadway Louisville tweeted the show should go on as planned.

It is unknown when the center will be open again. 

See Original Post

Reposted from CNBC

A cyberattack of devastating proportions is not a matter of if, but when, numerous security experts believe.

And the scale of it, one information security specialist said this week, will be such that it will have its own name — like Pearl Harbor or 9/11.

"The more I speak to people, the more they think that the next Pearl Harbor is going to be a cyberattack," cybersecurity executive and professional hacker Tarah Wheeler told a panel audience during the Organization for Economic Cooperation and Development's (OECD) annual forum in Paris.

"I think that the most horrifying cybersecurity attack is going to have its own name and I think it's going to involve something more terrifying than we've thought of yet."

Wheeler is CEO and principal security advisor at Red Queen Technologies, a cybersecurity fellow at Washington, D.C.-based think tank New America, and former cybersecurity czar at multinational software firm Symantec.

Explaining her premonition, Wheeler pointed to vital health and transport infrastructure she described as grossly under-protected.

"I think about the fact that most American healthcare technology is secured, if at all, with ancient, crumbling security infrastructure. I think of planes full of people, the kind of infrastructure that protects flu vaccinations. I think about fertility clinics losing years' worth of viable embryos," she said, stressing that people are not paying attention to that crumbling infrastructure.

Critical infrastructure and industry

Wheeler is not alone in her apocalyptic outlook. Not a single report from technology companies and researchers in this field claims that the cyberthreat environment is becoming less hostile or less significant.

The World Economic Forum's (WEF) Global Risks Report 2018 names cyberattacks and cyber warfare as a top cause of disruption in the next five years, coming only after natural disasters and extreme weather events.

"In a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning," the report said. Industry and critical infrastructure like power grids and water purification systems could be potential targets for hackers, whether they are small groups or state actors.

Retired Admiral James Stavridis, who served as NATO Supreme Allied Commander for Europe, echoed these warnings in a prior interview with CNBC: "We're headed toward a cyber Pearl Harbor, and it is going to come at either the grid or the financial sector... we need to think about this cyberattack as a pandemic."

Artificial intelligence-focused security firm BluVector reported in February that almost 40 percent of all industrial control systems and critical infrastructure faced a cyberattack at some point in the second half of 2017.

Unpatchable devices and the internet of things

Companies and governments aren't doing enough to protect these systems, Wheeler said.

"The inevitability is based in the easy access to the kinds of exploits that still work 10, 15, 20 years after they've been revealed," she said, noting that there are still companies running critical infrastructure, including health infrastructure, on Windows XP and other platforms that are unpatchable — meaning they can't be updated for vulnerability and bug fixes. Many internet of things (IOT) devices, she described, are unpatchable by design.

IOT, which has been described as "merging physical and virtual worlds, creating smart environments" through devices connected to the internet and that communicate with one another, represents a whole new level of vulnerabilities.

And cybercriminals have an exponentially increasing number of potential targets, the WEF report said, "because the use of cloud services continues to accelerate and the internet of things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020."

The chief executive of defense firm Raytheon International, John Harris, recently called cyberattacks the "single biggest threat to global security," adding that "the more we are connected, the more we are vulnerable."

Listen to the hackers

But Wheeler didn't specify who would likely be behind such acts, stressing that the nature of cyber warfare is asymmetric — and while there are state actors with hostile intentions, cyber weapons are accessible to just about anyone with the skills to deploy them.

What's needed, Wheeler stressed, is "sensible, deep, not broad, cybersecurity regulation that has teeth." She urged the private sector to listen to its "early warning system" — what she called the information security community, or hackers — rather than criminalizing their activity.

Industry experts have encouraged best practices and a greater awareness of the threats across the public and private sectors, and call on both sides to improve collaboration.

See Original Post

Reposted from ArtNet

London’s Hayward Gallery has been forced to close on the opening day of a major solo show dedicated to the South Korean artist Lee Bul. One of her works caught fire yesterday, forcing the private view of the exhibition “Lee Bul: Crashing,” to be called off. 

“During an incident yesterday, an artwork caught fire in a contained space within the Hayward Gallery which required attendance from the fire brigade,” a spokesperson for the gallery confirmed to artnet News.

The artist and the museum decided together to remove the artist’s work Majestic Splendor (1991–97) from the exhibition for safety purposes ahead of the opening, but a small fire broke out during the de-installation. While the press preview yesterday morning went ahead, the evening opening was canceled at the last minute. 

This isn’t the first time the work, which comprises a fish decked out in sequins, has caused trouble. The smell of Majestic Splendor made visitors to Bul’s 1997 show at the Museum of Modern Art so nauseous that it had to be removed. To avoid the same problem, the fish have since been placed in a sealed plastic bag with the chemical potassium permanganate. But the presence of the chemical increased the chances that other already flammable materials would catch fire.

“Superficial damage was sustained in a confined section of Gallery 1,” the spokesperson said, explaining that the gallery will remain closed today and tomorrow to deal with “remedial cosmetic work.” Staff anticipate reopening on Friday, June 1, to inaugurate the show, which will run through Hayward’s 50th anniversary in July and close August 19.

One security contractor was assessed for the effects of smoke inhalation as a precaution in the wake of the blaze, the spokesperson said.

The Hayward reopened its space in London’s Southbank Centre at the end of January after a two-year closure for refurbishment. For its latest show, Lee has taken over the gallery’s expansive space with more than 100 works spanning the late ‘80s to the present. The show includes installation, painting, and performance, transforming the space into a futuristic landscape replete with alien bodies, cyborgs and Kusama-like mirrored environments.

The artist’s work recalls everything from science fiction stories to Korea’s own quickfire urban development and presents an environment teetering on the edge dystopia. Indeed, the fire broke out among a number of depicted disaster experiences that include a monumental foil Zeppelin, Willing To Be Vulnerable – Metalized Balloon (2015–16), that references the 1937 Hindenburg disaster, and a new sculptural work, Scale of Tongue (2017–18), which references the sinking of the Sewol Ferry in 2014, an event that left 304 people dead.

Lee received an honorable mention at the 48th Venice Biennale in 1999 for her contributions to the Korean Pavilion and Harald Szeemann’s international exhibition. She later received the Noon Award for established artists making experimental work at the 10th Gwangju Biennale in 2014.

“Lee Bul: Crashing” is on at London’s Hayward Gallery from May 30 through August 19.

See Original Post

Reposted from CSO.com

Employees generally want to protect data against compromise but few understand the sensitivity of their data or the role of anything but passwords in protecting it, according to a new study that highlighted the difficulties that over-optimistic CSOs have in building an active security culture.

Although 64 percent of employees use company-approved personal devices for work, a recent Clutch survey found, just 40 percent of employees faced regulations on their use of personal devices – highlighting the continuing exposure of companies to common but problematic bring your own device (BYOD) policies.

High BYOD use was often translating into unintentional security exposure from otherwise “normal” activities such as the use or exchange of documents, the survey found. This ease of access meant that employees often didn’t think about the risks inherent in those activities – compromising their ability to recognize when data is sensitive.

“We've seen that at many companies, employees believe that information that needs to be protected is special, sensitive stuff that's explicitly marked, and most of the everyday communications they receive and send aren't a risk for their organizations,” said PreVeil CEO Randy Battat in a statement upon the survey’s launch.

“The reality is that the majority of communications, and the majority of an organization's intellectual capital, can be found in the ‘ordinary’ email or shared file.”

Passwords not the be-all and end-all

Compounding the problems created by ease of access to potentially sensitive information was the risk of employees’ limited security practices.

Most employees understand the importance of passwords as the primary level of protection of company data: 76 percent reported using password protection techniques, although just 67 percent said their company regularly reminded them to update their passwords.

“It’s likely that some employees are subject to password restrictions or guidelines but are simply unaware of it,” the report’s authors noted. “So, even if they use password protection, they may not be doing so according to policy.”

This gap had led to lower levels of compliance than many employees would even be aware of – yet the discrepancy between actual and best practices was glaring.

Use of security tools was one glaring example: a previous Clutch survey for example, found that while 84 percent of corporate cybersecurity policies involve the use of specialized security software, just 48 percent of employees are regularly reminded to install that software – and just 44 percent actually do so.

This level of non-compliance has been a bugbear for CSOs that often assume their employees are as actively concerned about lower-level security measures and policies as they are.

Yet just 59 percent of employees saying they had competed formal security or security-policy training.

“The gap between how decision-makers design policy and how employees enact it underscores the importance of effectively communicating cybersecurity policy to employees,” the report notes.

“Lack of policy recognition and policy are essentially the same in the context of cybersecurity. That is, if a company’s employees don’t realize a policy is present, it is essentially non-existent.

Fixing this issue – which has become even more important in a NDB and GDPR-driven compliance environment hobbled by companies’ chronic inability to identify their data – may require CSOs to more strictly monitor and impose use of mobile device management (MDM) tools capable of forcing updates of security tools, password changes, and other elements of security policy.

“If you’re allowing access to a device that is going to be used at work, whether owned by the employee or the corporation, you also set up an environment where the IT organisation can specify which applications can be installed on that device,” ManageEngine director of product management Rajesh Ganesan recently told CSO Australia.

Low usage of security tools was compromising essential activities such as patch management – which has been “a little bit haphazard”, Ganesan said – but taking a more proactive stance was helping bring devices under control.

See Original Post

Reposted from BBC News

A teenager has been found guilty of plotting a terror attack on the British Museum in London with Britain's first all-woman cell.

Safaa Boular, 18, of Vauxhall, London, has become Britain's youngest convicted female Islamic State terrorist.

A jury at the Old Bailey found her guilty of two offences of preparation of terrorism acts.

She was also found guilty over an earlier attempt to travel to Syria for terrorism.

Boular was accused of planning to travel to Syria to join IS militants and later preparing to carry out a terrorist attack in London after her fiancé, an Islamic State fighter, died.

Her sister Rizlaine 22, of Clerkenwell, London, has already admitted planning a knife attack on London and their mother Mina Dich, 44, has pleaded guilty to assisting her.

Boular will be sentenced in around six weeks time.

During her trial, the court heard how Boular - then 17 - plotted a gun and grenade attack at the British Museum.

The sisters and Dich discussed their plans using Alice in Wonderland coded language, with Rizlaine as the Mad Hatter.

Aged 16, Boular was radicalized online in the wake of the 2015 Paris terror attacks.

She met IS fighter Naweed Hussain on Instagram and after three months of chatting, she declared her love for him with an online marriage ceremony.

The court heard how she had wanted to join Hussain in Syria, but her plan was thwarted when British security services became involved and confiscated her passport.

Boular told the police about Hussain and security services deployed officers to pose as fellow extremists and speak to the pair online.

On 4 April 2017, it was a security services officer, posing as an IS commander, who told Boular that Hussain had been killed in a drone attack.

The prosecution claimed this only strengthened her determination to carry out an attack in the UK.

Boular went on to tell officers posing as extremists about plans for an attack and on 12 April, she was charged with preparing terrorist acts in Syria.

Despite being in custody, Boular continued to talk to her sister and mother about an Alice in Wonderland-themed tea party - code for an attack.

In one call Boular complained: "Mate, you guys are partying without me."

Rizlaine and Dich carried out reconnaissance of major landmarks in Westminster and bought knives and a rucksack, the court heard.

They were arrested on 27 April, the date of the planned attack, along with friend, Khawla Barghouthi.

Counter-terrorism coordinator Dean Haydon said social services were called in to act back in 2016.

"As a family unit, they are pretty dysfunctional. There was a major safeguarding issue we had to manage. It did involve social services, local authorities, schools, education and family courts trying to safeguard the wider family," he said.

"But despite all that activity it was quite clear Safaa was still continuing with her attack plans."

See Original Post

Reposted from OKCFox News

It's not exactly a break-in at the Louvre, but police at the University of Oklahoma are searching for a campus art thief.

Police released photos of the suspect carrying a painting out of the Fred Jones School of Art around 2 p.m. on May 14th. Investigators say the suspect is believed to have stolen two paintings from the second floor of the building, and a third from the fourth floor.

Surveillance video caught the suspect in the act, but they have not been identified.

See Original Post

Reposted from NY Daily News

A rogue in a Russian art gallery was arrested after he "seriously damaged" a priceless painting of Ivan the Terrible.

Igor Podporin was at the State Tretyakov Museum in Moscow just before closing Friday evening when he picked up a security pole and bashed the protective glass around the painting "Ivan the Terrible and His Son Ivan".

The 19th century work by Ilya Repin — a visually arresting large-scale canvas depicting the medieval tsar clutching the son he mortally wounded — had been "seriously damaged," Tretyakov officials said in a statement.

It added that the painting had been punctured in three places around the figure of the son, but that the most valuable part of the work —the faces of the pair — was left intact.

Podporin, a 37-year-old from the city of Voronezh, was arrested and appeared later on a Russian police video where he acknowledged lashing out against a painting that is considered a part of Russian history.

He said that he went to the museum specifically to look at the masterpiece and drank 100 grams — roughly three shots — of vodka before his outburst, adding that he doesn't normally drink vodka and was "taken over" by something.

Igor Podporin admitted to damaging the painting. (Russian Interior Ministry)

He faces a vandalism case and up to three years in prison, according to state media.

Repin's painting has been moved to the Tretaykov's restoration workshop.

It is not the first time that the work has been attacked, and that the artist repaired it himself after a religious icon painter attacked it with a knife in 1913.

See Original Post

Reposted from The New York Times

Lars Andersen's business handles some of the most sensitive data there is — the names and phone numbers of children.

The owner of London-based My Nametags, which makes personalized nametags to iron into children's clothing, says protecting that information is fundamental to his business, which operates in 130 countries.

But starting Friday, My Nametags and most other companies that collect or process the personal information of EU residents must take a number of extra precautions to comply with the new General Data Protection Regulation, which the EU calls the most sweeping change in data protection rules in a generation.

While the legislation has been applauded for tackling the thorny question of personal data privacy, the rollout is also causing confusion. Companies are trying to understand what level of protection different data needs, whether this could force them to change the way they do business and innovate, and how to manage the EU's 28 national data regulators, who enforce the law.

"Once you try to codify the spirit (of the law) — then you get unintended consequences," Andersen said. "There's been a challenge for us: What actually do I have to do? There are a million sort of answers."

That uncertainty, together with stiff penalties for violating the law, has convinced internet-based businesses such as Unroll.me, an inbox management firm, and gaming company Ragnarok Online to block EU users from their sites. Pottery Barn, an arm of San Francisco-based housewares retailer Williams-Sonoma Inc., said it would no longer ship to EU addresses. The Los Angeles Times newspaper said it was temporarily putting its website off limits in most EU countries.

The implementation of GDPR has also made data protection an issue in contract negotiations as firms argue about how to divvy up responsibility for any data breach.

"Deals are being held up by data protection," said Phil Lee, a partner in privacy security and information at Fieldfisher, a law firm with offices in 18 EU cities. "If something goes wrong, what happens?"

EU countries themselves aren't quite ready for the new rules. Less than half of the 28 member states have adopted national laws to implement GDPR, though the laggards are expected to do so in the next few weeks, according to WilmerHale, an international law firm.

As with most EU-wide regulations, enforcement of the new data protection rules falls to national authorities. While the EU stresses that the law applies to everyone, one of the big outstanding questions is whether regulators will go after any entity that breaks the law or simply focus on data giants like Google and Facebook.

Lawyers also say it isn't yet clear how regulators will interpret the sometimes general language written into the law. For example, the law says processing of personal data must be "fair" and data should be held "no longer than necessary."

"It's time to put on your seatbelt and check your airbag," said D. Reed Freeman Jr., a privacy and cybersecurity expert at WilmerHale. "It's kind of like a lift-off with a rocket. It's about to launch."

Andersen of My Nametags said the law has already caused problems for his business.

He has been advised that the company website in the Netherlands has to be different from the one in the U.K. because the two countries are likely to apply the law differently, and has a dispute with a supplier over which of them is responsible for protecting certain data.

U.K. Information Commissioner Elizabeth Denham has tried to ease concerns, saying the most important thing is for companies to try their best to comply with the law and work with authorities to correct any problems.

"We pride ourselves on being a fair and proportionate regulator and this will continue under the GDPR," Denham said in a blog post. "Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action."

The new law comes at a time when advances in technology make data more valuable, and therefore raise the stakes in protecting it.

The ability to analyze everything from consumer purchases to medical records holds enormous potential, with suggestions that it will make us healthier, improve traffic flows and other good things for society. At the same time, it provides business with huge new opportunities for profit, with some experts putting the value of the global data economy at $3 trillion.

That potential is underscored by changes in the list of the world's most valuable companies, which was once dominated by energy and industrial companies. Now Apple, Alphabet, Microsoft, Amazon and Facebook hold five of the six top spots.

"Data is the new soil," said Adam Schlosser, the project lead for digital and trade flows at the World Economic Forum. "It serves as a foundational element for growth."

But with that potential comes concern that data can be used for private gain, threatening personal privacy rights.

Allegations that political consultant Cambridge Analytica used data harvested from Facebook accounts to help Donald Trump with the 2016 presidential election offered a tangible example of the fears highlighted by privacy campaigners.

Andersen fears that "dodgy operators" will continue to flout the rules, but he hopes publicity around GDPR will help demonstrate that he takes data protection seriously — that he recognizes the information behind those nametags decorated with cupcakes, unicorns and smiley faces is something to be safeguarded.

"In terms of pieces of data that you don't want to go astray, your children's information is kind of the core of that," Andersen said. "In a way, that's why we as a company have been successful — (by) trying to treat our customers as parents in the way I would want to be treated as a parent."

See Original Post

Reposted from The Himalayan

As most of the museums damaged in the 2015 earthquakes are being reconstructed, curators and museum experts have stressed the need to install modern safety equipment.

Reconstruction of four museums, which are operated by the Department of Archaeology, is under way at present. But, authorities concerned have not bothered to instal equipment to improve safety and security of the museums and artifacts or valuables  kept inside them.

The National Museum at Chauni, along with three museums located in Kathmandu, Bhaktapur and Lalitpur house hundreds of highly valued artifacts and other objects of archaeological importance. But, none of these museums are completely open to visitors due to security reasons and poor management.

According to Chairman of International Council of Museums, Nepal, Bijay Kumar Shahi, museums in Nepal must be upgraded and digitalised to attract more visitors. “We have not been able to show the world what we have. What can we expect from our museums that have not even updated basic information on their websites? he asked.

“Although we have realized the importance of updating our museums, we have not even received sufficient budget for reconstruction, let alone up-gradation of the museums,” said Chief of the National Museum at Chauni Jay Ram Shrestha.

See Original Post