The federal opposition has raised concerns with the lack of transparency from Commonwealth entities where cybersecurity is concerned. During a hearing held by the Joint Committee on Public Accounts and Audit on Tuesday, representatives from the Australian National Audit Office (ANAO) were probed on the reasons why Commonwealth entities are continually performing low in audits […] More

Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns.A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) – a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, academic institutions and others – has 48 recommendations to help curb the threat of ransomware and the risk it poses to businesses, and society as a whole, across the globe.

Members of the group include Microsoft, Palo Alto Networks, the Global Cyber Alliance, FireEye, Crowdstrike, the US Department of Justice, Europol and the UK’s National Crime Agency.SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  Some of the solutions suggested include governments giving a helping hand to organisations affected by ransomware and providing them with the required cybersecurity support so they don’t fall victim in the first place. Others focus on more direct action, such as taking the fight to ransomware gangs by disrupting their infrastructure, or even regulating Bitcoin and other cryptocurrencies that cyber criminals use to anonymously demand ransom payments from victims.Ransomware attacks involve cyber criminals compromising the networks of organisations – often via phishing attacks, stolen Remote Desktop Protocol (RDP) credentials or exploiting software vulnerabilities – and then encrypting as many files and servers with malware as possible.

Organisations will in many cases only become aware they’ve been infected when they see a ransom note on the screens of machines across their network. Often, the victims feel as if they’ve got no option but to pay the ransom – which can amount to millions of dollars – in order to restore the network.Ransomware has been around for a number of years, but the cyber criminals behind the attacks are getting bolder, demanding ever-growing ransoms from targets and in many cases blackmailing organisations into payment by threatening to leak sensitive data stolen from the compromised network. And it isn’t just sophisticated criminal gangs that are causing problems; the rise of ransomware as a service means that almost anyone with the skills required to navigate underground forums on the dark web can acquire and use ransomware, safe in the knowledge that they’ll probably never face being arrested for their actions.”The tools are available to malicious actors to ramp up the scale of what they want to do and be able to get away with it. That’s what happens as technology diffuses into society and you have inadvertent ramifications which have to be dealt with,” says Philip Reiner, executive director of the RTF and CEO of IST. “We’re grappling with that as a global society and we have to come up with better solutions for the problems it presents.”Ransomware isn’t new, it’s existed in one form of another for decades and the threat has been rising over the past five years in particular. While it’s perceived as a cybersecurity problem, a ransomware attack has much wider ramifications than just taking computer networks offline. Ransomware attacks are increasingly targeting critical infrastructure, and crucially, over the course of the past year, healthcare. But many organisations still aren’t taking the necessary precautions to protect against ransomware, such as applying security patches, backing up the network or avoiding the use of default login credentials. These concerns are viewed as issues for IT alone, when in reality it’s a risk that needs the focus of the entire business. “We have to stop seeing leaders think of this as a niche computer problem; it’s not, it’s a whole business event. You should think about ransomware in the same way you think about flooding or a hurricane – this is a thing that will close your business down,” says Jen Ellis, vice president of community and public affairs at Rapid7 and one of the RTF working group co-chairs.”But we don’t. We think about it as a niche computer event and we don’t recognise the impact it has on the entire business. We don’t recognise the impact it has on society.”In 2017, the global WannaCry attack demonstrated the impact ransomware can have on people’s everyday lives when National Health Service (NHS) hospitals across the UK fell victim to the attack, forcing the cancellation of appointments and people who came for treatment being turned away. But years later, the problem of ransomware has got worse and in some cases hospitals around the world are now actively being targeted by cyber criminals.”You would think there would be no greater wake-up call than that, yet here we are years later having these same conversations. There’s a real problem with how people think about and categorise ransomware,” says Ellis.To help organisations recognise the threat posed by ransomware – no matter the sector their organisation is in – the RTF paper recommends that ransomware is designated a national security threat and accompanied by a sustained public-private campaign alerting businesses to the risks of ransomware, as well as helping organisations prepare for being faced with an attack.But the Ransomware Task Force isn’t just suggesting that governments, cybersecurity companies and industry are there to help organisations know what to do if faced by a ransomware attack – one of the key recommendations of the report is for cybersecurity companies and law enforcement to take the fight to the cyber-criminal groups behind the attacks. A recent operation involving Europol, the FBI and other law enforcement agencies around the world resulted in the takedown of Emotet, a prolific malware botnet used by cyber criminals – and something that had become a key component of many ransomware attacks.

Many cyber criminals switched to using other malware like Trickbot, but some will have taken the fall of Emotet as a sign to give up, because finding new tools makes it that little bit harder to make money from ransomware. “If you’re screwing with infrastructure, like going after Emotet, you’re making it harder,” says Chris Painter, president of the Global Forum on Cyber Expertise and former senior director for cyber policy at the White House. In line with this, the paper recommends that the pace of infrastructure takedowns and the disruption of ransomware operations should increase – ultimately with the aim of arrests and bringing criminals who develop and deploy ransomware to justice.SEE: This company was hit by ransomware. Here’s what they did next, and why they didn’t pay upIt’s notoriously difficult to apprehend members of ransomware groups, especially when it’s an international problem. More often than not, the organisation that comes under a ransomware attack faces an extortion demand from someone who is in another country entirely.And that’s a particular problem for European and North American governments, when large quantities of ransomware attacks by some of the most prolific groups appear to originate from Russia and former-Soviet states – countries that are highly unlikely to extradite suspected cyber criminals.But identifying cyber criminals isn’t impossible – the United States has indicted individuals from Russia for the NotPetya cyberattacks, as well as naming and shaming three North Koreans for their involvement in the WannaCry ransomware attack. Meanwhile, Europol has previously arrested individuals for being involved in ransomware attacks, demonstrating that, while difficult, it isn’t impossible to track cyber criminals down and bring them to justice.One key factor that has allowed ransomware to succeed is that attackers are able to demand payments in Bitcoin and other cryptocurrency. The nature of cryptocurrency means that transactions are difficult to trace and, by the time the Bitcoin has been laundered, it’s almost impossible to trace back to the perpetrator of a ransomware attack.The Ransomware Task Force suggests that in order to make it more difficult for cyber criminals to cash out their illicit earnings, there needs to be disruption of the system that facilities the payment of ransoms – and that means regulating Bitcoin and other cryptocurrency.”It’s recognising that cryptocurrency has a place and there’s a reason for it, but also recognising that it’s notoriously being used by criminals – is there more that can be done there to make it harder for criminals to use it, or make it less advantageous to them,” says Ellis.Recommendations in the report for decreasing criminal profits include requiring cryptocurrency exchanges to comply with existing laws and to encourage information exchange with law enforcement. The idea is that by applying additional regulation to cryptocurrency, it allows legitimate investors and users to continue using the likes of Bitcoin and Monero, but makes it harder for cyber criminals and ransomware gangs to use it as an easy means of cashing what they’ve extorted out of victims – to the extent that, if it’s too difficult, they won’t bother with attacks in the first place. “If they’re using cryptocurrencies as a way to hide, if you have more compliance with existing regulations, it makes it tougher for them,” says Painter.The paper offers 48 recommendations and has been presented to the White House. It’s hoped that with cooperation across the board, businesses can be provided with the tools required to prevent ransomware attacks, governments can get more hands-on with providing help, and law enforcement can hunt down ransomware attackers – but it’s only going to work if ransomware is viewed as global problem, rather than one for individual organisations or governments to fight alone.”What’s really important is that this has an international perspective on it, because it’s not an American problem, it’s an international problem,” says Reiner.MORE ON CYBERSECURITY More

Zain bin Awais Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways The iPhone Fold could come close to Samsung’s Galaxy Z Fold 7 in terms of thickness. Apple’s first foldable iPhone might bring Touch ID back to iPhones. It is rumored to sport a smaller display than the iPhone 16. […] More

Australian beverage giant Lion has provided another update to the ransomware attack it suffered earlier this month, saying that over the past week, the company has continued to make progress in restoring many of its key systems. With data purporting to be from the company said to be available on the “dark web”, Lion, formerly […] More

This week, the Centers for Disease Control (CDC) released its first set of guidelines for people who have been fully vaccinated against COVID-19. People who are fully vaccinated can safely visit other vaccinated people inside without wearing a mask or social distancing. Vaccinated people can also see unvaccinated people without masks or social distancing as long as the unvaccinated person is at low risk for severe disease.

For hundreds of millions of Americans, this is extremely welcome news. Not having to wear a mask in lower-risk scenarios is great news for individual freedom and everyone’s mental health.
However, even after many people are vaccinated, it doesn’t mean that our experience with masks is over. The nature of COVID-19 virus mutation and evolution — and its endemic and airborne nature in modern society — tells us that SARS-CoV-2 will be with us for a very long time, if not forever. After all, H1N1 and its variants are still with us today, 100 years following its appearance in the 1918 pandemic. The novel coronavirus is now much more contagious, with new emerging strains like B.1.1.7 replacing the original as the predominant strain in some locales. It’s also possible that a few mutational generations will result in vaccine escapism for the virus, re-introducing the need for mask mandates until another generation of vaccines can be formulated and administered.  
For that reason, protective mask technology requires continued innovation. The best protection possible is also critical for those of us more vulnerable (due to immune disorders and other comorbidities) and front-line healthcare workers. 
Enter UVMask

Jason Perlow wearing UVMask
Image: ZDNet
In late June of 2020, a fledgling Brighton, Colorado startup, UM Systems, initiated a crowdsourced project on Indiegogo and Kickstarter to create the ultimate PPE mask for civilian use. What makes it the ne plus ultra in mask PPE? The company was looking to solve multiple problems with existing solutions:
Create an airtight seal
Provide particle filtration at the 0.3-micron level 
Provide the ability to completely inactivate a pathogen by killing it or rendering it harmless
Provide a mask that is comfortable to wear
Provide ventilation using a fan and positive air pressure
Eliminate fog for eyewear users
While some products could provide solutions to some of these issues, none could achieve all of the above. After over $4 million in seed backing, the company has shipped its first version.
The technology behind UVMask

Interior of UVMask
Image: ZDNet
As an original backer, I waited approximately eight months for the product to ship. While this sounds like a very long time, we are talking about a product that had to be rapidly prototyped under unusual market conditions and during a time when production facilities in China have seen their manufacturing capabilities interrupted. That the company was able to achieve this under such accelerated timeframes is really quite remarkable. It’s also expected that since this is a first-generation product and that testing has been much more limited than what a large-scale PPE manufacturer or a technology company can achieve under similar constraints, the first product will be far from perfect.

UM Systems ships two versions of UVMask: The full-blown version ($120) that contains electronic components, and a “Lite” version is essentially the full version’s shell, with removable filters suitable for use in lower-risk environments. The Lite version is being offered exclusively to UVMask backers at a reduced price (approximately $30). I ordered both products for two different face sizes. Fitting to face sizes is addressed with replaceable medical-grade silicone padded inserts that handle the vast majority of face geometries in “S” and “X” sizes. The company is developing additional sizes to address wearers with particular facial features, such as higher nose bridges.
The electronic version is distinct from all other replaceable filter masks that are on the market. In addition to having FFP2 (equivalent to KN95) and FFP3 filters, the mask utilizes 275nm wavelength UV-C LEDs inside the housing air channel to completely inactivate viruses at the DNA level that get past the filters. Additionally, an integrated brushless 20,000 RPM fan reduces CO2 accumulation, increases oxygen level for better breathability and ventilation, and minimizes moisture build-up.
Using UVMask

UVMask while charging
Image: ZDNet
The tech behind UVMask is impressive, but what about actually using it? Let’s start with the construction: It’s made of a hard plastic that comes in three pieces — a front replaceable shell (available in three colors, titanium grey, white, or black), which attaches magnetically to the main assembly where the upper and lower silicone straps are also attached. The main assembly, in turn, attaches to the face pad, which is made from medical-grade silicone rubber and is easily removed for cleaning.
The first thing you notice when you turn it on (using a small button that is recessed inside a rubber flap on the bottom front of the mask) is the brushless fan’s high-pitched whine — it’s prominent, although I didn’t find it overwhelming or annoying. Still, it is very noticeable in indoor environments. 
However, this noise is easily forgiven because the positive airflow makes it far easier to breathe with these FFP2 and FFP3 filters inserted than a typical KN95 type respirator. Even here in Florida’s high humidity environment, I have not once seen my glasses fog up during several hours of protracted outdoor use. With the correctly sized silicone inserts, it is quite comfortable to wear despite the considerable weight, and the silicone straps keep it tight and well-supported on your face.
As far as power, the device uses USB-C under a recessed port with a rubber tab in the mask’s front to charge its dual internal 1800mAh (non-removable) Li-Po batteries, but it does not come with a power adapter, only a charging cable. I don’t see this as a significant downside as most people own smartphones and other charging equipment, and it doesn’t require high wattage to charge it — a port on a PC or any 5V USB-A charger with the USB-A to USB-C cable works fine. The LEDs on the top of the mask light up red to indicate charging and light up white when charging is complete. They also turn on when you click on the tiny stud button to turn the mask on and switch between “Pro” and “Econ” modes. 

The batteries are designed to have 1,000 full charging cycles before the capacity drops to below 80%. They should be good for a couple of years of daily use, at least, and you will probably get a new next-generation UVMask before the batteries run out. 
I would like to see a more prominent button on the mask that I can feel with my fingers to switch it on when the mask is already on my face or hanging from my neck and to toggle between modes, but this is a nitpick. A fully charged battery will get you eight hours of continuous use. If the battery depletes while you’re wearing the mask, the integrated filters will still function as if was the “Lite” version of the product. Note that you will need to use a USB-A to USB-C cable and connection to charge the mask; a USB-C to USB-C cable with a USB PD charger will not work.
Room for improvement, but still an excellent product
First, the mask is considerably larger than what most people are accustomed to wearing, and it is not lightweight by any means — it weighs approximately 9.4 ounces. If you wear this for hours at a time, expect some neck fatigue. The “lite” version without the electronic components is 4.1 ounces and is probably a more realistic solution for lower-risk environments, where you are more likely to wear it for extended periods. 
Let’s also get this out of the way: Don’t expect to have extended conversations while wearing the UVMask. In a next-generation product, I would like to see a rudimentary microphone and speaker system because you’ll find your voice to be extremely muffled, and you’ll have to talk considerably louder than normal to get your point across. It almost felt like I was re-enacting “Dark Helmet” in Spaceballs. With the integrated fan’s positive airway pressure, it feels a lot like wearing a CPAP mask. In fact, CPAPs were highly influential in the product’s design.
You can easily remove the silicone inserts and the front shell for end-of-day cleaning with isopropyl alcohol. However, I do find the silicone a bit challenging to put back on the mask, as it has an inner “lip” that needs to be inserted in just the right way along the rim of the mask housing, or it will fall off. It takes some practice to get this right; with wear, it gets easier. But it can still be annoying because if you keep the mask in a bag, the silicone easily pops off. This isn’t an issue when wearing it, only when storing it — UM Systems sells a hard case for the mask if you will be transporting it regularly.
Inserting the filters takes some practice and can be a little bit frustrating. The initial version of the “Lite” masks had UM95 FFP2 filters that fell inside the air channel if you did not align them perfectly — rendering the product useless. UM99 FFP3 filters are more rigid and less flexible than UM95 FFP2 filters because of the larger amount of filter material used, so they did not experience that issue. 

The metal washers had to be rapidly prototyped after the masks were manufactured
Image: ZDNet
The threading that connects the circular filter housings is very short, so it takes some skill in holding the mask chassis steady and above the filter packs to get them secured properly. To address this, UM Systems will now send customers a set of metal washer rings that completely prevent the filters from falling into the air channel, alleviating that problem. However, the washers also make the filter caps harder to screw on. These washers had to be rapidly designed to fix the filter problem after the masks had been manufactured; I expect newer versions of the mask will accommodate the washers as part of the overall design and have longer threads and filter caps that are easier to screw on.
Overall, I feel the straps work fairly well, but they are thinner than I expect for a mask that weighs 9.4oz and twist up fairly easily (although this does not affect the product’s performance, it’s a purely aesthetic issue). I’d like to see a thicker version of the headgear similar to what we see on a CPAP mask of similar weight. 
Also, removing the mask for eating and drinking can be problematic as the straps are not of the quick-disconnect type; they are threaded into notches in the front mask shell and secured with camera strap-style clips, so pulling off the upper strap results in the mask hanging very close to your neck on your chest. At 9.4oz, it is heavy — the only other option is to remove the mask when not in use completely. The company does sell an optional velcro strap kit, but I did not get to test these. A magnetic-style quick disconnect on the lower part of the mask would be preferable.
I should add that an upper head and neck strap configuration is the only correct way to install the straps — you do not want to install them sideways (as another reviewer did at the Australian Financial Review and resulted in a negative product evaluation experience) because your ears cannot support the weight of this product. I recommend watching the product videos that UM Systems has provided for proper strap installation and mask fit.
Is the product perfect in its first version? No. But is it worth the money? Yes. In cases where you need to be out in public and in dense, higher-risk areas where you have high confidence that people around you may be infected, UVMask is an excellent solution for staying safe in a post coronavirus world. 
You can order the UVMask through UM Systems’ Indiegogo page.

Coronavirus More