Reposted from Fox Business

The FBI has repeatedly warned U.S. universities about visiting researchers stealing intellectual property on behalf of China.

That's according to emails reviewed by the Associated Press, which paint a picture of a nationwide effort to convince colleges to be on guard against intellectual property theft. The emails underscore the extent of U.S. concerns that universities, as recruiters of foreign talent and incubators of cutting-edge research, are particularly vulnerable targets.

"When we go to the universities, what we're trying to do is highlight the risk to them without discouraging them from welcoming the researchers and students from a country like China," Assistant Attorney General John Demers, the Justice Department's top national security official, said in an interview.

Agents have lectured at seminars, briefed administrators in campus meetings and distributed pamphlets with cautionary tales of trade secret theft.

"Existentially, we look at China as our greatest threat from an intelligence perspective, and they succeeded significantly in the last decade from stealing our best and brightest technology," said William Evanina, the U.S. government's chief counterintelligence official.

Some university officials have showed wholehearted concern, and some have worried about limiting the "free exchange of scientific knowledge."

A Chinese professor who taught at the University of Texas was charged in September with stealing state-of-the-art technology from a Silicon Valley firm while secretly employed by technology giant Huawei.

The warmings come as Chinese students continue to play a significant role on U.S. campuses.

A third of all international students in the United States are Chinese, according to the 2018 OpenDoors Report. About 363,341 students from China attended classes at American higher education institutions last year. The number of Chinese students has been increasing steadily since the 2012-13 schoolyear when the number of Chinese students in the U.S. was more than 235,000. Chinese contribute about $13 billion annually to the economy, according to NAFSA: Association of International Educators.

See Original Post

Reposted from Security Management

Following almost every major mass shooting in the United States, law enforcement officials methodically evaluate and repeatedly try to improve their response.

Law enforcement demonstrated this evolution after the Columbine High School shooting in 1999 that killed 13 people. Following the shooting, police changed their methodology of waiting outside the facility for the SWAT team to engage the shooter to having small units—often consisting of the first four officers to arrive on the scene—engage with the active shooter.

After 32 students and faculty members were killed in the Virginia Tech shooting in 2007, police response tactics changed again—moving from small units to solo engagement of the shooter. This response was further improved upon when law enforcement began engaging shooters and bounding overwatch to detect explosive devices following the San Bernardino, California, shooting in 2015 that left 14 people dead.

Most recently, law enforcement began stressing the importance of a unified command to assist in saving lives after a gunman opened fire at Pulse nightclub in Orlando, Florida, killing 49 people.

The trend to attempt to fix responses after failure has been no different for civilian responses to active shooters and, most notability, for the single-option, traditional lockdown response, which recommends individuals get into a room, lock the door, turn off the lights, move away from the door and windows, hide behind available objects, stay quiet, and wait for the police to arrive.

For example, after the failure of traditional lockdown at Columbine High School, the condition that everyone needed to be in a room for lockdowns to work was added to the response. When traditional lockdown failed at Sandy Hook Elementary School in Newtown, Connecticut, the response recognized that the placement of the locks on the door was an important factor that must be considered. Most recently, in the aftermath of the shooting at Marjory Stoneman Douglas High School in Parkland, Florida, the failure of traditional lockdown is being attributed by some to a lack of lines on the floor that identify the hard corner where people can hide, and new responses are evolving to include the proper marking of these corners. However, none of these solutions make allowances for the fluidity of active shooter events nor do they recognize the decision-making capabilities possessed by those who find themselves in the midst of such an event.

In 2000, when Greg Crane developed a multi-option response for active shooter events, he followed a well-recognized model pioneered by the fire services from more than a century earlier. Fire services realized that no one response was appropriate for all incidents involving a fire. Thus, training options were developed based on fire’s ability to move and the understanding that one or more of the responses might not be available or appropriate for the circumstances. Based on this knowledge, Crane saw a need that was not being met by the single-option traditional lockdown response in active shooter events and surmised the response was increasing casualties. As a result, he developed ALICE (Alert, Lockdown, Inform, Counter, and Evacuate) Training.

In the same way fire services trained and provided options for individuals to use based on proximity to the fire, Crane created a multi-option response that used information based on the location of the shooter to determine how individuals may want to respond. For example, just as fire safety instructs individuals—if possible—to leave a facility if it is on fire, Crane’s ALICE Training also provides the option to evacuate a building—if able to—in an active shooter incident.

If individuals are unable to evacuate in a fire, fire officials inform people to get low to the ground, close the door, and put something under the door to create a barricade between themselves and the fire and smoke. ALICE Training also recognizes there are instances when evacuation is not possible and suggests people lockdown and barricade with available environmental objects—desks, chairs, or tables—to prevent contact with the active shooter.

Finally, fire services recognize that someone may catch on fire and recommend people Stop, Drop, and Roll, countering the fire. Crane similarly acknowledges that in active shooter incidents someone may come face-to-face with a gunman. ALICE Training addresses this by having an option to counter the gunman by throwing objects or swarming the shooter to survive.

In both fire safety and ALICE Training, the dynamics and ever-changing nature of the incident are recognized. By providing individuals with multiple options, neither the fire service nor ALICE would guarantee that there will be no injuries and everyone will survive. Rather, giving people options to choose their response instills knowledge and confidence and, arguably, may increase their likelihood of survival.

While there have been two competing paradigms to civilian active shooter responses for almost 20 years, no empirically sound studies were conducted on the effectiveness of either the single-option, traditional lockdown or multi-option responses to active shooters. Some individuals assert that the single-option, traditional lockdown is well researched and a proven best practice. But there is no solid empirical evidence to validate these claims, and there is anecdotal evidence to suggest otherwise.

This dialogue changed in December 2018 when the authors’ study “One Size Does Not Fit All: Traditional Lockdown Versus Multi-Option Responses to School Shootings” was published in the Journal of School Violence. The article, to the authors’ knowledge, is the first peer-reviewed study to examine the differences in time to resolution and survivability between traditional lockdown and multi-option responses to active shooter incidents.

Using live simulations with AirSoft guns in both classrooms and large open areas such as cafeterias, libraries, and hallways, the study ethically and safely recreated a mass shooting incident. In 13 sites across the United States, 326 individuals attending a two-day ALICE Instructor course voluntarily consented to be part of the study. These simulations were already a component of the ALICE training course. However, no one had previously surveyed individuals about their experiences and feelings during these drills.

Before any simulations were conducted, participants filled out a survey to collect their basic demographic information and feelings about mass shootings. Then, after each simulation, they were asked to report the number of times they were shot and the actions they took in response to the shooting.

When all simulations were finished, participants completed a final post-test survey. To mitigate potential confirmation bias of the researchers, all participants self-reported their answers on each of the surveys. Additionally, the individuals who were chosen to be the gunman in each simulation were not affiliated with nor invested in the ALICE Training Institute.

For each simulation, the gunman was armed with two AirSoft guns and stopped shooting when one of the following occurred: five minutes elapsed, which was based on the fact that 70 percent of active shooting incidents ended in five minutes or less; the gunman ran out of ammunition, similar to what occurred in the shooting at Marshall County High School in 2018; participants incapacitated the gunman; all participants evacuated the area; or all participants successfully barricaded and the gunman was unable to engage further targets.

The study results showed statistically significant decreases in the percent of individuals shot using the multi-option response over traditional lockdown. Across the 13 sites, 74 percent of participants who used traditional lockdown in a classroom were shot. But only 25 percent of participants who used the multi-option response were shot. When traditional lockdown was used in a large open area, 68 percent of the subjects were shot; this dropped to 11 percent when multi-option responses were used. Furthermore, no demographic or situational variable gathered in the study—sex, age, occupation, SWAT training of the gunman, or use of counter technique—significantly predicted being shot, suggesting it was use of the multi-option response instead of traditional lockdown that resulted in fewer people being shot.

Additionally, the time to resolution for both the classroom and large open area simulations significantly decreased when using the multi-option response instead of traditional lockdown.

These results could have a significant influence on training and policy. A 2018 compilation of data on mass shootings, financed by the National Institute of Justice (NIJ), found that current or former students are the assailants in nine out of 10 school shootings. Thus, the vast majority of school shootings are insider attacks by individuals who know where everyone is in a facility. Single-option, traditional lockdown responses that instruct everyone to only hide in an active shooter situation are high-risk, high-liability propositions that ignore the fluidity and ever-changing nature of these events.

Jillian Peterson and James Densley, the two criminologists who developed the NIJ database on mass shooters, wrote in an article for The Conversation that “…current strategies are inadequate. If the shooter is most likely a student in the school, lockdown drills only show potential perpetrators the school’s planned response, which can be used to increase casualties.” Thus, the failure of traditional lockdown is its reliance on a one-size-fits-all approach.

Decisions and policies should be based on and driven by existing data, rather than emotional appeals to do something to keep students, staff, faculty, and other civilians safe. Competing approaches should be ethically tested and validated. But the limited evidence suggests multi-option responses that consider the dynamics of an active shooter incident, rather than single-option, traditional lockdown, have the potential to increase the survivability of those who are faced with such an encounter. 

These same arguments can apply to commerce settings, which make up the largest percentage (42 percent) of active shooter events according to the FBI’s report on active shooting incidents in the United States. In 58 percent of active shooter incidents between 2000 and 2017, the gunman was an employee, a former employee, or related to someone inside the facility—meaning the individual had insider knowledge of the location.

Many employees and patrons, however, are only trained in traditional lockdown, which instructs them to sit on the floor, be quiet, not move, and wait for the police to arrive to the scene. Once again, this tactic is the single-option, traditional lockdown response that expects the shooter to be unaware of which rooms have people in them—which is not the case in more than half of these incidents.

The failure of lockdown drills in locations such as Sandy Hook Elementary and Marjory Stoneman Douglas High Schools, both of which conducted traditional lockdown training shortly before their respective incidents, draws an unflattering light on this type of response to active shooters. Arguments about security measures, arming teachers, the presence or absence of school resource officers, automatic lockdown procedures, door locks, and even where tape should be on the floors for people to hide behind have gripped the national discourse on what to do in response to such events. What is consistent, however, is that most of the focus is placed on the failure to properly implement lockdown or the application failure of the lockdown (blaming the people) rather than on the fact that the single-option, traditional lockdown failed (blaming the tactic).

In light of new research, it is apparent that the tendency to blame people is misguided and a serious examination of the tactics we use to train civilians to survive an active shooter event is necessary.

One argument for retaining the single-option traditional lockdown response is that it takes very little time to train people. Individuals are told to turn off the lights, lock and move away from doors, hide under or behind objects, and to remain quiet. Individuals are instructed to pretend they are not there and to wait for the police to respond, even though they are likely in a building where people are in almost every room. Add to the equation an insider threat—a person who works or goes to school in that building, who already knows where people are most likely hiding—and the effectiveness of this response breaks down with life-threatening results.

It is common knowledge that for training to be effective, one must prepare for the event as if it is going to happen—in a realistic and safe way. Just as people have practiced from a young age how to respond to fires, they should practice how to respond to an active shooter. The trainers must be safety-conscious professionals. In addition, for active shooters, the response should not require any fine motor skills of participants such as weapons takeaways or fighting tactics because these skills decrease in periods of high stress.

Training should be conducted with everyone, be age-appropriate, and be presented in a way that increases feelings of empowerment and confidence, rather than feelings of fear and anxiety—just as it is done in other crisis situations like fire, tornado, and Stranger Danger. It should be kinesthetic with every option being trained. Finally, the training must be consistently delivered, practiced, and conducted on a continual basis. It should also parallel that of fire safety, where schools are required to conduct fire drills on a routine basis.

While anecdotal evidence and the limited empirical research show that when people are trained in multi-option responses lives can potentially be saved, not everyone supports this type of training.

Unfortunately, because of the frequent failure of traditional lockdown tactics and the large numbers of casualties, a general fear of active threats has arisen. As a result, some are suggesting drills could be contributing to this fear and that they should not be conducted. However, there are many instances where training and drills have saved lives.

Rather than focusing on failed lockdown incidents, the focus should be shifted to locations where multi-option responses succeeded. Noblesville, Indiana; Mattoon, Illinois; and West Liberty-Salem, Ohio, are all locations where multi-option responses saved lives. However, very few people have heard of these incidents. At both Noblesville West Middle School and Mattoon High School, a teacher subdued the gunman; no one was killed in either incident with three injured between the two schools. At West Liberty-Salem High School, students and teachers barricaded their classrooms and evacuated the building. One student was injured. These success stories get little notoriety from the media and are typically only known by the professionals in the field. 

And, while there are no guarantees that all lives will be saved, multi-option response use from anecdotal evidence and the limited empirical evidence suggests that this response could reduce the amount of time a threat is active in a building and mitigate the number of casualties. 
In this regard, more methodologically rigorous, peer-reviewed research is needed. Studies that evaluate the psychological impact that drills have on their participants, including children, should be conducted. Utilizing evidence-based civilian active shooter responses should be a top priority. Future lives depend on it.

See Original Post

Reposted from BizTech Magazine

Art and cultural property crime account for billions in losses each year — the threat of theft is serious enough that the FBI established its rapid-deployment Art Crime Team in 2004.

Despite federal funds and forces on the job, however, stealing fine art remains “relatively easy,” according to Insurance Journal. Just 1.5 percent of all thefts end in successful recovery of objects and prosecution of the perpetrators.

In fact, the biggest problem faced by these cultural criminals is selling their ill-gotten gain: Art scholar Noah Charney notes that while “people assume that they’ll find criminal art collectors,” this is fantastically unlikely because “we have very few historical examples — maybe a dozen to 20 who fit the bill.”

The result? Museums lack the advanced access controls capable of limiting larceny and warding off would-be criminals.

What Is the Current Security Landscape for Museums?

According to Security Baron, museum defense relies on redundancy — layering multiple protective processes, each equally able to safeguard artifacts. These often include physical guard patrols and wireless security cameras paired with newer technologies such as vibration sensors and motion detection devices.

The Security Committee of the American Alliance of Museums also recommends securing staff ID cards by leveraging both card scanners and PIN-based card readers to ensure only authorized employees can access storage collection areas.

WHY CONVENTIONAL MUSEUM SECURITY IS INADEQUATE

The critical failing of current security measures? They’re naturally reactive.

While security guards, burglar alarms and laser systems force thieves to act quickly, these tools rarely prevent crime from occurring. Consider prolific art thief Stéphane Breitwieser, who robbed hundreds of museums to amass his contraband collection. With simple observation of museum security practices, a willing accomplice and slightly-too-large jacket, he was able to successfully steal treasured works across the globe.

Central to this issue is the paradox of experience. If art is too well protected — behind walls and fences in tiny metal rooms — viewer experience suffers. But allowing a broader experience introduces risk and forces museums to become reactive.

Sculpting Smarter Defense for Museums

New technologies offer a way to improve museum access control and reduce the risk of theft. But these solutions require a deployment approach that combines the static science of current defense with the art of human interaction — the notion that intrinsic behavior and characteristics, rather than overt indications of criminality, are the best indicators of potential pilfering.

Potential defensive controls include:

• Individual Article Tracking — As noted by the IEEE, advancements in IoT sensor technology are making it possible to create digital identities for physical objects. Museums using technology such as near-field communication and Bluetooth Low Energy beacons can track pieces of art wherever they go and provide critical data on their condition. Tied to larger museum networks, this offers the possibility of real-time status monitoring and change detection to help prevent theft.
   
• Improved RFID — Radio-frequency ID solutions offer the potential to deploy small, low-cost tags that make “dumb” objects part of larger smart network. From improved RFID access cards to tag-equipped museum features such as lights, doors and even benches, this kind of blanket RFID approach could hamper criminal efforts to remove art undetected.
   
• Gait Analysis — On the cutting edge of biometric benefits are solutions such as gait analysis. As noted by the American National Standards Institute, the human gait “varies between every single person” and can be described using a mathematical model. Built into museum security systems, gait analysis could be used to identify changes in walking speed and pattern that could indicate visitors may be attempting to leave with more than they entered.

Museums house national treasures and cultural artifacts — but are often at increased risk of theft. New access control and monitoring solutions offer the potential to leverage science in defense of art.

See Original Post

Reposted from TechCrunch

One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cybersecurity.

Speaking at TechCrunch Disrupt SF, Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said that the agency was making training for new cybersecurity professionals a priority.

“It’s a national security risk that we don’t have the talent regardless of whether it’s in the government or the private sector,” said Manfra. “We have a massive shortage that is expected that will grow larger.”

Homeland Security is already responding, working on developing curriculum for potential developers as soon as they hit the school system. “We spend a lot of time invested in K-12 curriculum,” she said.

The agency is also looking to take a page from the the tech industry’s playbook and developing a new workforce training program that’s modeled after how to recruit and retain individuals.

For Manfra, it’s important that the tech community and the government agencies tasked with protecting the nation’s critical assets work more closely together, and the best way to do that is to encourage a revolving door between cybersecurity agencies and technology companies. That may raise the hackles of privacy experts and private companies, given the friction between what private companies wish to protect and what governments wish were exposed — through things like backdoors — but Manfra says close collaboration is critical.

Manfra envisions that government will pay for scholarships for cybersecurity professionals who will spend three to five years in government before moving into the private sector. “It builds a community of people with shared experience [and] in security we’re all trying to do the same things,” she said.

Priorities for Homeland Security are driving down the cost of technologies so that the most vulnerable institutions like states, municipalities and townships or the private companies that are tasked with maintaining public infrastructure — that don’t have the same money to spend as the federal government — can protect themselves.

“When you think about a lot of these institutions that are the targets of nation sates… a lot of them have resources at their disposal and many of them do not,” said Manfra. “[So] how do we work with the market to build more secure solutions — particularly with industrial control systems.”

The public also has a role to play, she said. Because it’s not just the actual technological infrastructure that enemies of the U.S. are trying to target, but the overall faith in American institutions — as the Russian attempt to meddle in the 2016 election revealed.

“It’s also about building a more resilient and aware public,” said Manfra. “And adversaries have learned how they can manipulate the trust in these institutions.”

See Original Post

Reposted from Securitas Security Services, USA

Personal security awareness is essential in uncertain times. Awareness is a choice. One must choose to pay attention. Routine tasks often become just that: routine. Maintaining operative situational awareness requires real effort. Take time to focus on your responsibilities and your surroundings, even those that are most familiar. Additionally, try to avoid things that lock your focus, such as your cellphone. Things that lock your focus prevent you from maintaining active awareness. By making situational awareness part of your workday, you can reduce risks and help improve the safety of your work environment.

Be Aware of Your Surroundings

Situational awareness is a human experience defined as knowing and understanding what is happening around you, predicting how it will change with time, and being in tune with the dynamics of your environment. We practice situational awareness every day—when crossing the street, driving our cars, and making dinner in our kitchens. Situational awareness is knowing what is going on around you and staying vigilant to any changes or threats. All employees are encouraged to practice situational awareness, by always being alert to their surroundings, and to use their experience, training, and skills to assess their workplace environment on an on-going basis.

In an Emergency

In an emergency, you should always follow company security policies and protocols. Your workplace should have an emergency response plan in place, and it should include fire drills, severe weather drills, “shelter- in-place” and lockdown drills. Familiarize yourself with your company’s emergency exit plans and site evacuation alarm system. Learn the types of action plans and the response expected from employees for different types of incidents. For example, the action required for a reported fire may be different from that for a bomb threat. Find out

if there is a rally point outside the building for emergencies requiring evacuation. If there is a rally point, it is recommended that an evacuation drill be practiced annually to make sure everyone knows what to do and where to go if confronted with an emergency.

Education is key. Learn what to do in the event of an emergency before there is one. Make sure you understand the plan of action for different circumstances in your workplace for yourself and others. Lack of knowledge is not an excuse for poor job performance.

All employees should educate themselves about any potential hazards that their environment or actions can pose to themselves or others. Ensure that you are up-to- date with the systems, processes, and procedures of your work environment, and that you feel confident about what to do in any situation. Make sure your workplace has an Emergency Plan and ensure everyone knows what they is expected in an emergency. Develop a notification system.

• Look for the two nearest exits anywhere you go. Have an escape path in mind.
  
• Understand the plans for individuals with disabilities or other access and functional needs.
• Account for personnel and guests.
• Coordinate preparation with existing plans.
• Train employees to recognize and report concerns.
• Always listen to the instructions of emergency personnel, if applicable.

Use the SLAM technique:

• Stop: Observe your surroundings and become aware of what is going on around you.
• Look: Pay attention to what you see and notice whether anything looks unusual or out of place. Take note and report anything that looks unsafe or unusual.
• Assess: If you think you have identified a potential threat, decide what action to take. Report anything that looks unsafe or unusual.
• Manage: If you feel unsafe at any time, stop. Tell your coworkers and immediately report to your supervisor. If you have solutions that would help improve the safety of yourself and others in your workplace, alert your supervisor.

Prioritizing in an Emergency

In an emergency, life safety is always the first priority. Your emergency plan should also have protective actions for life safety.

Protective actions for life safety include:

• Evacuation
• Sheltering
• Shelter-In-Place Lockdown

The second priority is the stabilization of the incident. As in any emergency, one of the keys to your safety is to remain calm. Be prepared, try to keep calm, and act quickly based on your training.

For more information on this and other security related topics, visit the Securitas Safety Awareness Knowledge Center at: http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tips

Reposted from ArtNet News

The Mona Lisa‘s home has gotten a makeover. 

The Louvre’s most famous painting was reinstalled in its longtime gallery in the museum’s Salle des États overnight on Monday. The Leonardo da Vinci masterpiece had been on a staycation in another room, the Galerie Médicis, for a rocky two months while her permanent residence underwent renovations. 

The gallery now looks quite a bit different than it did before the Mona Lisa left. The walls have been repainted in midnight blue, a color that complements Leonardo’s famous painting better than the previous yellow tone. The painting has also been given a brand new vitrine so that visitors can get an even clearer view than before.

Mona Lisa‘s brief sojourn outside the gallery wreaked havoc on the museum. When the painting was relocated to its temporary display in July, tour guides reported two-hour waits with long lines forming outside the gallery’s single entrance. As chaos mounted, ticketed visitors without reserved time slots were turned away from the museum.

To avoid a similar crush of people and smart phones in the renovated gallery, the Louvre has introduced a new crowd-control system, implementing two single-file lines leading up to the work during crowded periods. 

“There will be two serpentine lines that will allow the audience to get as close as possible to the work, and for everyone to have a special moment with the Mona Lisa,” a Louvre staffer told the French publication Europe 1, explaining that, on average, a visitor stays in front of the work for 50 seconds. The new system will particularly help children and people with reduced mobility, who represent 18 percent of visitors, according to a statement from the museum.

In other crowd-control efforts, the museum also plans to implement a new timed ticketing policy later this month. The decision was made in advance of the Louvre’s highly anticipated blockbuster exhibition celebrating the 500th anniversary of Leonardo da Vinci’s death, which opens on October 24.

The new ticketing policy “allows a better flow of visitors and is key to a more comfortable visit,” Louvre officials told the Art Newspaper. Exactly how the new ticketing system will work, however, remains unclear. Reservations will need to be made online, but the museum has not determined whether all visitors will need them, or just the ones visiting the special exhibition. Within the first 30 hours of the tickets going on sale in June, the public purchased 33,500 advanced tickets, straining the website servers.

The Louvre, the world’s most visited museum, hit a record 10.2 million guests last year. Museum security went on strike in May, citing the increased admissions and shrinking staff size as the cause for deteriorating work conditions. Their demands included a cap on visitor numbers, which currently range from 30,000 to 50,000 people each day. Union members are reportedly considering striking again.

And these aren’t the only changes underway at the Paris museum. This week, it is also opening a new conservation and storage center in Liévin, two hours north of Paris. As Louvre director Jean-Luc Martinez oversees a rehang of the collection—that’s why the Mona Lisa gallery was being repainted—he will move some 250,000 objects from the institution’s holdings to the new facility by 2023. Currently, reports TAN, the Louvre storerooms are located in a flood-risk zone.

See Original Post

Reposted from Nextgov

Nation-state actors are actively exploiting vulnerabilities in three different virtual private network services to gain access to users’ devices, according to the National Security Agency.

In an advisory issued Monday, NSA said international hackers were taking advantage of bugs in older versions of virtual private network applications produced by Pulse Secure, Fortinet and Palo Alto Networks. Users of the products are “strongly recommended” to update their systems, the agency said.

Virtual private networks, or VPNs, allow users to safely share data across public Wi-Fi and other potentially insecure networks.

According to the advisory, the vulnerability in the Pulse Secure product allows nefarious actors to remotely execute code and download files, as well as intercept encrypted network traffic. The bugs in the other two systems both allow for remote code execution, the NSA said.

The National Cyber Security Centre, a component of the United Kingdom’s intelligence agency, the GCHQ, published its own warning about the vulnerabilities on Oct. 2. The NSCS advisory said the exploits could allow hackers to download user credentials. 

After upgrading to the latest version of the VPN software, users should reset their credentials before reconnecting to the network, NSA said. The agency also listed a handful of other protective measures users can take to prevent nefarious actors from infiltrating their devices.

Neither NSA nor NCSC disclosed which foreign actors were exploiting the vulnerabilities, though the advisories come roughly a month after reports that a Chinese hacker ring known as APT5 was targeting Fortinet and Pulse Secure servers. According to the cybersecurity company FireEye, the group has been active since 2007 and targets organizations across numerous industries, with a particular focus on the tech and telecom sectors.

See Original Post

Reposted from the New York Times

Were it not for a dark wooden door, the authorities say, Stephan Balliet may have succeeded in carrying out a massacre of Jews he had planned to broadcast live around the world. He chose Yom Kippur, knowing the synagogue in Halle, Germany, would be full.

But during every service, the thick, narrow door, its outside handle removed, was locked from the inside. It served as the only protection for Halle’s Jewish community from the outside world. On Wednesday, it spared the lives of 51 Jews from the area and a group of young, international visitors, including 10 Americans, who had come to be with them on the holiest day on the Jewish calendar.

On Thursday, bouquets of flowers and candles lay on the flagstones of the sidewalk outside of synagogue. They served as memorials to the two victims of the massacre that wasn’t — but an event that nevertheless shattered Germans’ belief that the lessons of the Nazi past had immunized them from global, internet-bred hatred espoused by right-wing attackers in Christchurch, New Zealandand El Paso, Tex.

“This brutal crime is a disgrace for our entire country,” Horst Seehofer, the country’s interior minister, said. “With our history, something like this should not happen in Germany.”

Mr. Seehofer vowed to increase security measures, including extending laws that would allow the authorities to monitor digital communication to help prevent further threats such as those, they say, posed by Mr. Balliet, who was arrested after fleeing the scene in Halle, in eastern Germany.

In a hate-filled screed he published online, Mr. Balliet, 27, made clear that he had chosen his target hoping to kill as many Jews as possible. Footage from a camera that he had strapped to the helmet he wore showed him planting explosives that appeared not to detonate, in an attempt to breach the synagogue door. He then fired at the door shortly before noon on Wednesday.

Cursing and muttering as it failed to budge, he instead turned his gun on a woman passing by, shooting her in the back. Identified only as Jana L., 40, and as a lover of traditional German music, she crumpled to the ground. He later fired two more shots at her, before driving to a nearby kebab shop.

Inside the synagogue, Ezra Waxman, a math student from Boston who is studying at the Technical University of Dresden, said the congregation was in the middle of the service when they heard a big “boom.” He thought something had fallen over, or one of the older men had collapsed.

They stopped the service after another loud noise, “and then something that sounded like machine-gun fire,” he said.

At that point, Max Privorozki, the head of the congregation, sent most of the worshipers to another windowless room, while he barricaded the door. He then checked in with the volunteer who monitors the security camera at the door.

The fuzzy images showed a heavily armed attacker on the other side. They immediately called the police. It was three minutes after noon. By the time the police arrived, eight minutes later, Mr. Balliet had driven away, said Holger Stahlknecht, the top security official for Saxony-Anhalt State.

“It was a miracle that the door held,” Mr. Privorozki said in an interview on Thursday. “I cannot imagine what would have happened if it had not.”

In a manifesto, written in English and published on the internet before he carried out the attack, Mr. Balliet said he had considered attacking a mosque, but decided Jews posed the greater threat.

“If I fail and die but kill a single Jew, it was worth it,” he wrote in the manifesto that was found by researchers at the International Center for the Study of Radicalization and Political Violence, a research organization at King’s College London. “After all, if every White Man kills just one, we win.”

Thwarted at the synagogue, as a kind of fallback he drove from to a nearby kebab shop, where Rifart Tekin, a father of two small children, was about to prepare a sandwich.

Mr. Balliet threw a homemade grenade against the door, then shouted and opened fire. He killed Kevin S., a 20-year-old German fan of Halle’s soccer team, who worked nearby and was on lunch break with a colleague.

“I still hear of the man’s voice — it’s stuck in my head,” said Mr. Tekin, who is from Turkey.

Mr. Balliet then returned to his car and fled the scene, but the police had caught up with him by then. The officers opened fire, grazing him in the neck, but Mr. Balliet got away and fled to a nearby town, Wiedersdorf.

There, he abandoned his car, which the authorities said was packed with about two pounds of explosives, and forced a taxi driver to give him his vehicle and headed south on a local highway.

After Mr. Balliet got into an accident with the taxi, the police arrested him and federal prosecutors took over the investigation, on suspicion of murder “under special circumstances.” It was shortly after 1:30 p.m.

Footage from the camera mounted on his helmet helped the authorities piece together the sequence of events, said Mr. Stahlknecht, the security official. It also served as evidence of the scope with which the attacker envisioned his crime.

“He wanted to have a worldwide effect,” Peter Frank, Germany’s federal prosecutor said at a news conference on Thursday. “He wanted to mimic similar acts that happened in the past, and he also wanted to incite others to copycat his acts.”

During the confused chase, those who were worshiping inside the Humboldt Street synagogue continued with prayers and songs, infused with an energy of resilience and perseverance.

Only later did they learn that, while they had escaped unscathed, two people had died.

“Our community was saved by a miracle by a door that wouldn’t open,” Mr. Waxman said. “That is juxtaposed with tragedy of two people losing their lives.”

Officials in Saxony-Anhalt, where Halle is, said Mr. Balliet did not have a criminal record and had not been on the authorities’ radar as a potential extremist. Little other information about him was known on Thursday.

Mr. Frank said his office faced “a lot of questions” about the suspect, including how he was radicalized, how he secured the materials to build the weapons and explosives used in the attack, and whether he had any supporters.

In Benndorf, the town outside of Halle where Mr. Balliet lived in an apartment with his mother, nobody seemed to know him. Sandra Kalkanis, who runs a Greek bistro said, “Even at the Easter festival where the whole village turns out, no one ever saw him.”

Jewish leaders demanded on Thursday to know why their appeals for increased police presence around the synagogue had been ignored. While Jewish institutions in most large cities in Germany have a round-the-clock police detail, that was absent in Halle.

Local police officers said there had been no threats posed to the synagogue in the past five years, and officials at the state level had accepted their assessment that it would suffice if officers passed by on occasion.

But Mr. Seehofer, the interior minister, said he would assess whether the county needed an updated security concept for synagogues in view of the recent rise in anti-Semitic attacks. Germany experienced at least 1,800 anti-Semitic crimes in 2018, a 20 percent increase over the previous year, according to German officials.

“We vowed, never again,” Mr. Seehofer said. “This government will do everything possible so that Jews can live again in this country without threat or fear.”

But the expansion of a more globalized, digitized version of right-wing extremism is challenging a system that has long been accustomed to monitoring local neo-Nazi networks. German authorities have been slower to respond to the growth of right-ring extremist channels online.

German security officials’ response has been weaker “when it comes to message forums like 4chan and 8chan and this new, more diffuse and ideologically more promiscuous far-right extremism,” said Peter R. Neumann, a professor of security studies at King’s College.

Schimon Meyer, 31, who was inside the synagogue with his wife, Luba, said safety was not his main concern on Wednesday, although he knew it was Yom Kippur. “Historically it’s the day when the Jewish people have been most targeted,” he said.

When worshipers were finally escorted out of the synagogue and onto a bus, they continued their songs, surprising the bus driver, Ms. Meyer said. At the hospital, they finished the service, even blowing the shofar, or ram’s horn, to mark the end of Yom Kippur at sundown, she added.

“We wanted to show that we weren’t defeated,” Ms. Meyer said, “but that we defeated the situation.”

See Original Post

Reposted from WCBV5

The Museum of Fine Arts is making changes after a group of minority middle school students said they were discriminated against during a spring field trip because of their race.

A video that will be sent to schools will outline new procedures at the museum and highlight increased staffing in select galleries.

"The majority of our visits are self-guided, but we don't want that to mean unguided," said Makeeba McCreary, the MFA Chief of Learning and Community Engagement.

On May 16, a group of 26 middle school students and chaperones from Davis Leadership Academy in Dorchester visited the museum. During the visit, students reported that they were met with racism and verbal abuse from visitors and staff during a self-guided tour.

Museum officials said they investigated the four racist incidents that were reported during the field trip. Investigators reviewed security footage of the three-hour visit. 

Two visitors who were found to have made racist comments to the students by museum officials had their memberships revoked and were banned from visiting the museum grounds.

The museum also investigated an allegation from a teacher, Marvelyne Lamy, who said an employee greeted students with a slur, "No food, no drink, no watermelon." The museum said that employee recalled telling students "no food, no drink and no water bottles" were allowed in the galleries, which is part of standard operating procedure. Officials said there was no way to definitively confirm or deny what was said or heard in the galleries.

Lastly, the museum responded to the teachers' complaint that a security guard followed the students into the museum. Officials said the class actually visited spaces patrolled by 13 separate security guards.

"Based on surveillance footage, it is understandable that, because of this movement, the students felt followed," officials wrote. "That was not our intention. It is unacceptable that they felt racially profiled, targeted and harassed. In response, the MFA is taking a number of steps to adapt security procedures -- specifically designed to make sure that all people feel welcome, safe and respected at the Museum."

The museum instituted additional training for all front-line staff on how to engage with incoming school groups about policies and guidelines.

“I am cautiously optimistic and encouraged by the work that has happened here," said City Councilor Kim Janey, who represents District 7. "But, again, there is much more work to be done.”

The museum said it will continue to work with school groups as an outside investigation into the reports of racism continues.

See Original Post

Reposted from the BBC

An intruder who broke into the former home of suffragette leader Emmeline Pankhurst was found asleep on bean-bags, a charity has said.

The man was discovered inside Manchester's Pankhurst Centre museum at about 02:00 BST following reports of vandalism.

Museum boss Gail Heath said she arrived to find the building's "beautiful Georgian windows" had been "kicked in".

Repairs to the site, which also offers services for vulnerable women, are set to cost £15,000.

Sash windows, soft furnishings and suffragette costumes were damaged during Tuesday's break-in, said Ms Heath, who estimated the cost of the damage at about £15,000.

She said she was called to the museum in the early hours.

"When I arrive I can see that someone's kicked in our beautiful Georgian windows and when I open the museum door I find someone fast asleep on the bean-bags in the museum," she said.

Security had already been stepped up after a previous break-in just a few days before.

"We don't think much has been taken because of the initial intruders we'd moved some of our most precious stuff out of the way but quite a bit's been damaged," Ms Heath said.

"The fact that the intruder may well have just been looking for some shelter, maybe he was a person without a home, makes this even more difficult for us because that's sad in itself," she added.

Emmeline Pankhurst founded the Women's Social and Political Union - later becoming known as the suffragettes - at the building at 60-62 Nelson Street in 1903.

Ms Heath said the break-in happened before a series of events to mark the anniversary of founding of the suffragette movement on 10 October.

The centre is also home to Manchester Women's Aid.

A statue of Emmeline Pankhurst was unveiled in Manchester in December to mark a century since British women first voted in a general election.

See Original Post