Reposted from EMR-ISAC

On Aug. 21, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries (LOLBins) and fileless malware, highlights the importance of implementing and maintaining an effective event logging program. CISA encourages public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement recommended actions.

See Original Post

Reposted from EMR-ISAC

Earthquakes can happen anywhere with little to no warning. Knowing what to do before a big earthquake can determine how well you survive and recover. This year's International Shake Out Day is October 17 (10/17) at 10:17 a.m. (local time). At this time, millions of people across the world will be practicing earthquake safety by participating in earthquake drills at work, school, or home. Register today so that you or your organization will:

• Be counted in the largest-ever earthquake drill in the world!
• Be listed with other participants in your area, if desired.
• Set an example that motivates others to participate and prepare.
• Get updates with Shake Out news and preparedness tips.
• Have peace of mind that you, your family, your co-workers and millions of others will be better prepared to survive and recover quickly from the next big earthquake!

Get ready to DROP, COVER and HOLD ON. Emergency services agencies can help spread the word about earthquake safety by sharing FEMA’s Ready.gov Earthquake Safety information and the Great Shake Out! campaign information at Shakeout.org with the communities they serve. Individuals can receive updates and participate in the drill via text by texting SHAKEOUT to 43362.

See Original Post

Reposted from EMR-ISAC

The Federal Emergency Management Agency’s (FEMA’s) National Mitigation Planning Program is hosting a webinar in its “From Policy to Action” series, Putting Plans to Work through Plan Implementation on Thursday, Sept. 5 from 1 - 2:30 p.m. EDT. The webinar is targeted to anyone involved in hazard mitigation. The webinar covers the benefits of plan implementation and the tools to get there. Participants will learn how to streamline and amplify planning efforts in ways that support the whole community. The webinar will discuss how a state agency, a Tribal Nation, and a county are each implementing mitigation plans:

• The Ohio Emergency Management Agency shares how their portal is supporting plan and project information.
• Learn how the Oneida Nation took a proactive approach to risk reduction and coordinating with other partners.
• Hear how Dauphin County, Pennsylvania fostered a robust annual review process.

See Original Post

Reposted from EMR-ISAC

The 2023–2024 academic year was a challenging one for academic, administrative, and law enforcement leaders charged with keeping our college and university campuses safe. Demonstrations on campuses occurred at a level not seen in decades. Campus law enforcement and public safety personnel were tasked with protecting access to public spaces, separating protesters and counter protesters to avert violence, or both. The Department of Justice’s (DOJ’s) Community Relations Service (CRS) recently released Navigating Conflicts: A Guide for Campus Leaders and Public Safety Personnel. This Guide was developed by CRS, in collaboration with the Department’s Office of Community Oriented Policing Services (COPS Office) and The Ohio State University’s Divided Community Project. The Guide is published not as an analysis of past conflict on campus or an assessment of leadership response but as a framework to help campus leaders and public safety professionals conceptualize conflict and inform decision-making when it does occur. The publication includes:

• Explanations of the critical topics of awareness, communication, support, and coordination.
• A toolkit for rapid response to campus conflict.
• An interactive simulation, “Nexera University.” 
• The CRS and the Divided Community Project are available to college and university communities to provide assistance with any of these resources—including helping facilitate the interactive simulation in person, virtually, or in a hybrid format. 

See Original Post

Reposted from The Art Newspaper

The small storefront institution, devoted to objects and ephemera related to the most expensive painting ever sold, will reopen soon the whereabouts of Salvator Mundi, the painting attributed to Leonardo da Vinci and sold for $450m to the Saudi crown prince Mohammed bin Salman at Christie’s Manhattan headquarters in 2017, remain unknown—most recently it has been rumored to be sitting in storage in Geneva. But, the whereabouts of the Salvator Barbi, the current star attraction at the Salvator Mundi Museum of Art in Brooklyn, are known it remains at the tiny storefront institution’s headquarters in the Carroll Gardens neighborhood, despite a violent break in over the weekend. According to security camera footage reviewed by The Art Newspaper, early on the morning of 17 August a person broke into an adjacent restaurant. The intruder seemingly then smashed open the internal door connecting the restaurant and museum. Though several pieces of Salvator Mundi-branded merchandise—including bottles of wine and shoes—were left strewn on the museum floor in the fracas, no items from its collection were taken. “While we are disheartened by this blatant criminal act, we are relieved that no harm came to our artworks, which hold immense cultural and historical value,” Dabora Choi, an artist and the museum’s chief coordinator of curatorial affairs said in a statement. She confirmed to The Art Newspaper that the museum will reopen on 23 August, adding: “We’re getting a new alarm system installed.” The reopening will give the public one last chance to see an exhibition outlining the parallels between the Salvator Mundi and the lucrative Mattel toy brand, which has been the subject of several major museum shows lately. The specially commissioned Salvator Barbi painting is the centerpiece, intended as a “visual testament to the unexpected harmony between these two cultural phenomena”, according to a press release.

Next week, that exhibition will be replaced by an another devoted to a Salvator Mundi-themed mechanical bank that the museum acquired in May. Much like the painting it was inspired by, the Salvator Mundi mechanical bank is shrouded in mystery. It was discovered at a flea market in Ponchatoula, Louisiana, last April. After the buyer contacted the museum looking for help in researching the object’s origins, the institution was ultimately able to acquire it. “We are exceptionally fortunate and honored to add the Salvator Mundi mechanical bank to our collection,” Choi said at the time in a statement. “Regardless of its ultimate origin, it stands as a testament to human ingenuity and artistic innovation.” Similarly, the Salvator Mundi painting that was eventually attributed to Leonardo also surfaced at an off-the-radar sale in Louisiana. The painting, badly in need of restoration, was famously bought for just $1,175 at a New Orleans Auction Galleries sale in 2005 by a pair of eagle-eyed dealers. Twelve years later, it achieved the highest price ever paid for a piece of art.

See Original Post

Reposted from CTV News

Visitors to the Canadian Museum of Nature in Ottawa will have to undergo a bag check before entering, after the museum received a threatening email this week. Darcy Ferron, vice-president of strategic and external affairs at the Canadian Museum of Nature, told CTV News Ottawa the bag checks are standard procedure whenever there is a security risk to the museum. "We take the safety of our visitors, staff and collection seriously," he said. "We're in a central location and this is a busy time for us." Police were notified and the museum property in Ottawa was fully searched for any signs of risk, as was the Natural Heritage Campus in Gatineau, Que., Ferron said. Nothing was found. Organizations across Canada have been the target of threatening messages in recent days, according to the RCMP. Earlier this week, more than 100 Jewish organizations and places of worship received bomb threats, as did hospitals in Ottawa(opens in a new tab). On Thursday, the Mounties said malls, ports, museums and art galleries(opens in a new tab) in Canada had also reported threats. This isn't the first time the museum has had to check bags at the door. Earlier this year, climate protesters spray-painted one of the dinosaur fossil displays, prompting staff to check bags temporarily in case of a second incident. A notice is posted on the museum's website(opens in a new tab) to say bags will be searched at the entrance until further notice. Ferron added this is not common in Canada. "In the United States, they do bag checks every day.

In Canada, we're used to being able to just walk in, so it's really unfortunate, but we have to take this seriously," he said. The RCMP says it continues to work closely with domestic and international police partners to advance the investigation into the individual or individuals responsible for the online bomb threats across Canada this week. "We take these threats very seriously and want to thank all internal and external resources that are assisting with this criminal matter," the RCMP said. "We recognize the fear and disorder these threats may have caused throughout communities and organizations, notably the Jewish community, and we will continue to update Canadians on developments, as appropriate."

See Original Post

Reposted from The Independent

A man has been jailed after an off-duty police officer noticed him upskirting a woman at the British Museum. Metropolitan Police officers launched an investigation after an off-duty City of London Police officer spotted Jake Verano Gomez filming up a woman’s skirt on 19 August. They discovered several videos on his phone. Upskirting, defined as the act of covertly filming or taking a picture under a person’s skirt without gaining their consent, was made a criminal offence in England and Wales in April 2019. The offence now carries a punishment of up to two years in custody under the Voyeurism Act and the most serious cases see wrongdoers placed on the sex offenders’ register. Verano Gomez, a 33-year-old Colombian national with no fixed address, was sentenced to four months in prison and ordered to pay court fees at Highbury Corner Magistrates’ Court on 21 August. He pleaded guilty to recording an image under clothes without gaining the person’s consent. He will be forced to register with the police, in line with the 2003 Sexual Offences Act, for up to seven years. The Met Police has requested women who believe they may have fallen prey to his upskirting to come forward for support. The female police officer rapidly detained the man alongside museum security guards and workers before Met Police officers came and placed him in custody.

Detective Constable Holly Wright, of the Public Protection team covering Camden, said: “These kinds of offences have a devastating impact on women and girls, who should be free to go about their lives without fear of being the victim of such a horrendous crime. “Fortunately, the presence of our colleague from City of London Police has meant Gomez has now been brought to justice. “Following his arrest Gomez’s phone was interrogated by Met detectives, they found a number of videos of other victims – also believed to have been filmed that day. Sadly, this may mean there are more women who are unaware that they have been the victim of crime.” Detective Wright urged those who were at the British Museum on Monday 19 August at around 2pm who believe they may have fallen victim to come forward to the police. Officers asked people to ring 101 or post @MetCC reference CAD 4342/19Aug. It comes after Gina Martin spent 18 months fighting to make upskirting a specific offence after a man took a picture up her skirt at a festival in 2017.

See Original Post

Reposted from BBC

Ariel Geller's family was invited for a guided tour of Haifa's Hecht Museum in Israel, a few days after the four-year-old smashed a rare, 3,500-year-old jar in the museum. The museum told the BBC the crockery dated back to the Bronze Age between 2200 and 1500BC - and was a rare artefact because it was so intact. The jar was one of the artefacts kept out in the open, part of the museum's vision of allowing visitors explore the past without any glass or barriers. The jar was most likely originally intended to be used to carry local supplies, such as wine and olive oil. It predates the time of the Biblical King David and King Solomon and is characteristic of the Canaan region on the eastern Mediterranean coast.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) published joint Cybersecurity Advisory (CSA) #StopRansomware: RansomHub Ransomware, formerly known as Cyclops and Knight, that has established itself as an efficient and successful model.  This advisory provides known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with RansomHub identified through FBI investigations and third-party reporting as recently as August 2024. A ransomware-as-a-service, RansomHub has encrypted systems and exfiltrated data from at least 210 victims representing all critical infrastructure sectors using a double-extortion model. Phishing emails, exploitation of known vulnerabilities, and password spraying are typical methods used by RansomHub affiliates to compromise internet facing system and user endpoints; password spraying targets accounts compromised through data breaches. Recommended mitigations and actions to protect against RansomHub include installing updates for operating systems, software, and firmware as soon as they are released, requiring phishing-resistant multifactor authentication (MFA) for as many services as possible, and training users to recognize and report phishing attempts.  Organizations are encouraged to review the advisory, IOCs, TTPs, and implement recommended mitigations to protect against ransomware threat actors. Organizations are also encouraged to visit stopransomware.gov, a whole-of-government approach with one central location for no-cost U.S. ransomware resources and alerts, to access an updated Joint #StopRansomware Guide.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) moved its cyber incident reporting form to the new CISA Services Portal as part of its ongoing effort to improve cyber incident reporting. The Portal is a secure platform with enhanced functionality for cyber incident reporting, including integration with login.gov credentials. The portal’s enhanced functionality includes the ability to save and update reports, share submitted reports with colleagues or clients for third-party reporting, and search and filter reports. A new collaboration feature allows users to engage in informal discussions with CISA. To guide incident reporters through the reporting process, CISA also released a voluntary cyber incident reporting resource. It helps entities understand “who” should report an incident, “why and when” they should report, as well as “what and how to report.” Several resources to reduce cyber risk are also available. CISA encourages all organizations to take advantage of its new streamlined portal and voluntarily report cyber incidents. Learn more by visiting the CISA Services Portal and Voluntary Cyber Incident Reporting Resource.

See Original Post