More stories

    New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

    The New South Wales government has announced the state-wide rollout of a new app designed to help frontline child protection caseworkers reduce paperwork so they can spend more time supporting vulnerable children.
    ChildStory Mobile is a modified version of the ChildStory desktop system used by the Department of Communities and Justice for child protection and out-of-home care. It enables caseworkers to complete home visit records and upload files, access client information, complete safety assessments, and instantly create digital safety plans that can be signed and shared with families on the spot.
    “This Australian-first app will provide caseworkers with real-time access to vital information, allowing faster responses and better outcomes for vulnerable kids,” Minister for Families, Communities and Disability Services Gareth Ward said.
    In addition, the department has signed a four-year deal with the CSO Group, valued at AU$16 million, for the delivery of new cybersecurity solutions for the cloud, endpoint, and email.
    Under the deal, CSO Group will deliver an integrated managed security service designed to deliver insights and protection for the department.
    Meanwhile, New South Wales Police has signed New York-based Mark43 as what it has dubbed its “designated” technology partner. Mark43 will provide and implement the call-taking, dispatch, records, investigations, and forensics components of the force’s new Integrated Policing Operations System (IPOS).
    The partnership between the pair was initially forged last April when the force said it would adopt the company’s cloud-based records management software and its computer-aided dispatch system, through Unisys Australia.

    At the end of last year, the force, together with Mark43 and Unisys, said it would be kicking off a mainframe modernisation project that will see the force’s central database, used for everyday operations ranging from logging criminal incidents and intelligence gathering to pressing charges, replaced with the new IPOS. The project is expected to take five years to complete and will be carried out in three phases.

    Linux Mint may start pushing high-priority patches to users

    Community Linux distributions are easygoing with updates and patches. Yes, they’d like you to update, but they don’t insist on it. Now, though, the popular Linux Mint distribution has had enough of people running out-of-date distributions and programs. In the future, Mint’s Update Manager may “insist” you make important security updates.  

    This all started because Mint’s maintainers found many Mint users were not keeping their software up to date. Mint researchers found less than a third of its users updated their web browser within a week of a new version’s release, and as many as 30% of users may still be running Linux Mint 17.x. That specific release hasn’t been supported since April 2019, which means those systems haven’t received security updates for close to two years.
    Yes, Linux tends to be more secure than other operating systems, but that doesn’t mean there have been no serious security bugs. For example, a decade-old sudo bug has recently been patched, and the ancient — but always troublesome — memory addressing tool set_fs() was finally removed. As lead Mint maintainer Clement “Clem” Lefebvre wrote, you must update not just because an outdated system is vulnerable, “it is known to be vulnerable.”
    Besides, Update Manager doesn’t just patch Linux bugs, it also updates and patches all software on your Linux system. So, for example, when you update Linux Mint, you’re also updating the default Firefox web browser. 
    It’s not like it’s hard to do either. Clem said: “Linux Mint comes with one of the best update managers available. It’s very easy to use, it’s configurable, and it shows a lot of information.” He’s right. “All you need to do is use it.”
    Unfortunately, even after warning users that they need to keep their Mint systems up to date, people still aren’t doing it. 
    Why? Clem explained in a note: “Many users think updates should be applied but don’t do it often, either because they haven’t gotten around to automate the process, or they thought they’d do it often but they don’t, or for some, they even got used of that little orange dot in their system tray and don’t really pay attention to it anymore. Giving these users a reminder after a while is something they might appreciate, they’re the people we’re doing this for.”

    Therefore, Mint developers are working on Update Manager improvements. Besides looking for available updates, the Manager will also track cases where updates are overlooked. This will include metrics on when updates were last applied; when were packages last upgraded; and how many days have passed since a particular update was made available. 
    Armed with this data, “in some cases, the Update Manager will be able to remind you to apply updates. In a few of them, it might even insist.”
    The developers don’t want to get in your way. As Clem wrote, “We have key principles at Linux Mint. One of them is that this is your computer, not ours.” 
    This also means that this data won’t be sent to the Linux Mint organization. Clem explained, “Under no circumstances will the data be sent anywhere.” Instead, the Update Manager only keeps the data it needs to make sure you’re at least looking at available patches. If you are, it then deletes the local data. 
    At the same time, they don’t want users continuing to run potentially dangerously out-of-date setups. So, at this point, “We’re still forming strategies and deciding when and how the manager should make itself more visible so it’s too soon to speak about these aspects and get into the details which probably interest you the most here. So far we worked on making the manager smarter and giving it more information and more metrics to look at.”
    Eventually, Mint may be more aggressive about insisting you secure your system, but for now, its developers are trying to strike a balance between keeping users safe and not annoying them. Stay tuned for more developments.
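    As an added illustration of the metrics described above (this is not Mint’s own code), the following Python reads a constructed apt history excerpt and a constructed list of pending updates and computes when updates were last applied, when packages were last upgraded, and how many days each pending update has been waiting. The remind/insist thresholds are hypothetical, since the article says Mint has not decided them; everything stays local, mirroring Mint’s “no data sent anywhere” stance.

```python
from datetime import date, datetime

# Constructed excerpt in the style of /var/log/apt/history.log (not a real log).
APT_HISTORY = """\
Start-Date: 2020-12-20  09:14:03
Commandline: apt-get upgrade
Upgrade: firefox:amd64 (83.0+linuxmint1+ulyana, 84.0+linuxmint1+ulyana)
End-Date: 2020-12-20  09:14:40

Start-Date: 2021-01-05  18:02:11
Commandline: apt-get install htop
Install: htop:amd64 (2.2.0-2build1)
End-Date: 2021-01-05  18:02:15
"""

# Constructed pending updates: (package, candidate version, date it became available).
PENDING = [
    ("firefox", "85.0+linuxmint1+ulyana", date(2021, 1, 26)),
    ("sudo", "1.8.31-1ubuntu1.2", date(2021, 1, 26)),
    ("curl", "7.68.0-1ubuntu2.4", date(2021, 2, 24)),
]

# Hypothetical thresholds: the article says Mint has not yet decided when to remind or insist.
REMIND_AFTER_DAYS = 7
INSIST_AFTER_DAYS = 30


def parse_history(text):
    """Yield (end_date, had_upgrade) for each transaction block in an apt history log."""
    end_date, had_upgrade = None, False
    for line in text.splitlines():
        if line.startswith("Upgrade:"):
            had_upgrade = True
        elif line.startswith("End-Date:"):
            # apt writes two spaces between date and time; normalise before parsing
            stamp = " ".join(line.split(":", 1)[1].split())
            end_date = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").date()
        elif not line.strip():
            if end_date:
                yield end_date, had_upgrade
            end_date, had_upgrade = None, False
    if end_date:
        yield end_date, had_upgrade


def update_metrics(history_text, pending, today):
    """Compute the three metrics the article describes plus a local-only reminder level.

    `today` may be a date or an ISO string. Nothing here leaves the machine.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    transactions = list(parse_history(history_text))
    last_apply = max((d for d, _ in transactions), default=None)
    last_upgrade = max((d for d, up in transactions if up), default=None)
    waiting = {pkg: (today - avail).days for pkg, _, avail in pending}
    oldest = max(waiting.values(), default=0)
    if oldest >= INSIST_AFTER_DAYS:
        level = "insist"
    elif oldest >= REMIND_AFTER_DAYS:
        level = "remind"
    else:
        level = "quiet"
    return {
        "days_since_last_apply": (today - last_apply).days if last_apply else None,
        "days_since_last_upgrade": (today - last_upgrade).days if last_upgrade else None,
        "days_waiting": waiting,
        "level": level,
    }


if __name__ == "__main__":
    print(update_metrics(APT_HISTORY, PENDING, "2021-03-01"))
```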

    Remote work: 5 things every business needs to know

    Image: iStock/Drazen Zigic
    Once upon a time, remote work was something only tech startups considered to be an option for staff members scattered across the globe. Then a pandemic struck, forcing businesses everywhere to reconsider the possibility that allowing employees to work from home might be the only way to keep the company from failing.

    According to a TechRepublic survey, 61% of businesses have gone out of their way to make remote work possible for most employees. That’s not a blip on the radar. Given that an overwhelming majority of respondents (61%) would rather work from home than in an office, it’s safe to say the remote work option is here to stay.
    For employees, it’s a change in routine and locale, but for businesses, it’s much more than that — every company has far more to consider. Let’s dive into five considerations that your company must understand for a smooth and productive work-from-home experience.
    SEE: Speed up your home office: How to optimize your network for remote work and learning (free PDF) (TechRepublic)
    Remote office tools
    No matter where your employees work, they need the right tools. When those employees are working in the office, you provide them with everything necessary to get the job done: computers, printers, mobile devices, desks, chairs, network devices, software, whiteboards, and more. If you believe employees working from home should be on their own for equipment, you’re doing remote work wrong. If you’re not willing to directly pay for the tools your employees need, you should at least consider allowing them to expense those costs. But all purchases must be approved — otherwise, you’ll wind up with employees buying extravagant chairs and laptops.
    According to our survey, 56% of respondents said that their company had done a poor job of supplying the necessary hardware (computers, printers, and so on) and 52% of respondents said their company had done a poor job supplying them with the necessary office equipment (desks, chairs, etc.) to work remotely. Unless this improves, staff will either be incapable of doing their jobs with any level of productivity (at best) or they’ll burn out and quit (at worst).
    At a bare minimum, your company should supply remote workers with:
    • A computer or laptop for work only
    • A printer (if needed)
    • All software necessary to do their jobs
    • A VPN (if security is a concern)
    Managing burnout

    Burnout is a serious issue with employees who are not accustomed to working from home. Why does this happen? The biggest reason is the inability to separate work from home. When this happens, the lines blur so much that employees can begin to feel as though they’re working 24/7/365. On top of that, people no longer get a much-needed break from family life. That one-two punch makes burnout happen faster and on a more profound level.
    How do you manage this? The most important thing you can do is keep the lines of communication open. You’ll need to have someone (or multiple people) on hand to talk to staff in order to help them through these periods.
    You’ll need to educate your staff to:
    • Create a routine, such as scheduled work times that clearly define ‘work time’ and ‘home time’.
    • Set boundaries like, “When the office door is closed, I’m at work.”
    • Communicate with family — make sure your employees are doing a good job of communicating with their loved ones.
    • Practice self-care. Your employees will need, on some level, to learn how to take care of themselves to avoid stress.
    • Understand priorities, so your staff always know what work takes priority and what work can be put off.
    According to our survey, 78% of respondents indicated they were working from home five days a week. If those staff members don’t work smart, they’ll suffer burnout fast. Feeling like you’re ‘in the office’ day in and day out can be exhausting. To that end, you’ll need to consider allowing staff to work a flexible schedule.
    Managing a flexible schedule
    This one is a challenge for most businesses because nearly every company works on the assumption that business hours are universal. There’s a reason why Dolly Parton’s “9 to 5” resonates so well with a majority of the population around the world. 
    However, with remote workers, the idea of a set work schedule needs to be thrown out the door. You must remember that people are working at home, which can throw a major wrench in the works. What am I talking about?
    • Tending to children who aren’t in school
    • The possibility of burnout
    • Family responsibilities
    • Less reliable networks
    • Equipment failure
    The single most important thing to consider is that your employees do prefer to work from home, and can be even more productive working in that comfortable environment. But that improved productivity might come with a price for your company in the form of allowing for flexible schedules. 
    Remember: As long as work is getting done in a timely fashion, it shouldn’t matter when it’s getting done.
    Security is key
    One thing your business must consider is security, and how to help your remote workers do their jobs without compromising company data. This might mean you’ll need to purchase enterprise-class VPN services for those who must transmit sensitive data from their home networks. Those employees who deal with very sensitive data might also need to be trained on how to use encryption.
    Another issue that must be addressed is passwords. You probably have password policies in place for office-based staff, but you can’t enforce those policies on their home networks, which means you’ll need to train your remote workers to change all network passwords (such as those for wireless routers) to be strong and unique. This cannot be stressed enough, even if it also means getting those employees up to speed on using a password manager (which they should be doing anyway).
    SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
    KPIs to monitor
    You need to know which Key Performance Indicators (KPIs) to monitor, and I suggest these KPIs as a good starting point.
    • Self-discipline: An employee’s ability to work independently.
    • Effective communication: An employee’s ability to communicate effectively and efficiently with teams and clients.
    • Learning skills: An employee’s ability to not just follow a known instruction set, but also to learn new things efficiently.
    • Remote vs. local tasks: Are there tasks that can or cannot be performed remotely? You must know the difference.
    • Accountability: Employees must learn to hold themselves accountable to get their tasks done with less supervision.
    • Self-discipline: Employees must be capable of staying on-task with less supervision.
    • Collaboration: Employees must be capable of working with other teammates efficiently via video/audio chat and email.
    • Availability: Managers must be available to discuss work-related matters during business hours. Although employees might work a flexible schedule, they must also be available during business hours.
    Conclusion
    Your company’s transition from a standard work environment to a full remote or hybrid (remote and in-house) environment doesn’t have to be a challenge. Given that nearly every business across the globe has been practically forced into this new world order, the hard part is already taken care of. With just a bit of extra planning and work, you can make this new reality not only seamless but even more productive. 

    Malaysia Airlines suffers data security 'incident' spanning nine years

    Malaysia Airlines has suffered a data security “incident” that compromised personal information belonging to members of its frequent flyer programme, Enrich. The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider. 
    The airline sent an email to Enrich members this week, stating it had been notified of a “data security incident” at the third-party IT supplier. The breach involved “some personal data” and occurred some time between March 2010 and June 2019, it said, adding that these details included members’ names, dates of birth, contact information, and various frequent flyer data such as membership number, status, and tier level.

    Travel data such as itineraries, reservations, ticketing, and ID card, as well as payment details were not compromised, according to Malaysia Airlines. Its own IT infrastructure or systems also were not affected, the carrier said.  
    It noted that there was “no evidence” any personal data had been misused and that the breach did not expose any account passwords, though it urged Enrich members to change their passwords as a precaution. The airline also directed customers to send any queries they might have directly by email to its data privacy officer.
    At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers. 
    In one of several such responses, the national carrier said: “The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems. However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
    It reiterated its stance that there was no indication the breach impacted any account passwords, but advised members to change their passwords as a precautionary measure. 

    The airline just in January had announced plans to introduce a fare-based earning programme and new tier qualification framework for Enrich, slated to commence in April 2021. 
    Singapore telco Singtel also recently suffered a data security breach that involved a third-party IT vendor, whose file-sharing system contained vulnerabilities that had not been successfully patched.

    Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

    Two very different forms of ransomware, using different methods and targeting two different operating systems, are likely to have started off as one kind of ransomware before those working on it split apart. The finding demonstrates how ransomware is constantly evolving and how new threats continue to pose a risk to potential victims.
    Cybersecurity researchers at Intezer analysed two forms of ransomware — QNAPCrypt and SunCrypt — and have concluded that one evolved from the other.
    QNAPCrypt first emerged in mid-2019 and targets network-attached storage devices running on Linux. Meanwhile, SunCrypt ransomware first appeared in October 2019 and targets Windows systems, but it didn’t really gain notoriety until attacks increased in the middle of 2020, following an update.
    At first glance, QNAPCrypt and SunCrypt appear unrelated — they’re two different forms of ransomware, distributed by two different groups and they target two forms of operating system.
    The two ransomware-as-a-service operations are also run in different ways, with the distributor behind QNAPCrypt rarely posting about their ransomware on underground forums.
    Meanwhile, the operator behind SunCrypt appears to be purely focused on advertising their product, repeatedly posting messages to recruit affiliates in order to make as much money as possible from their percentage of ransom payments. The operators of SunCrypt also favour the double extortion technique, threatening to leak stolen data of victims who don’t pay ransom demands — as well as targeting hospitals.
    But while it’s clear that the two campaigns are very different and operated by different individuals, analysis of both forms of ransomware reveals that QNAPCrypt and the early version of SunCrypt share identical code logic for file encryption, leading researchers to conclude with “high certainty” that both forms of ransomware were compiled from the same source code.

    SEE: Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)  
    Researchers also identified similarities in key generation and how the code is written and deployed for checking the geographic location of the infected victim. Both QNAPCrypt and SunCrypt will cease encryption operations if running on a Belarusian, Russian or Ukrainian machine — while SunCrypt also adds Kyrgyzstan and Syria to the list.
    SunCrypt has evolved since being released and is more distinct now, but the analysis of the older code makes it clear that the two forms of ransomware started life as one and the same thing — although how this ended up as two distinct variants and two different campaigns remains a mystery.
    “They may have collaborated with the initial version of SunCrypt and the collaboration fell apart and they went their separate ways. Another theory is that the QNAPCrypt actor was hired to create the initial ransomware to launch the first version of the service,” Joakim Kennedy, security researcher at Intezer told ZDNet.
    What the discovery of the two forms of ransomware being related does teach us, however, is that ransomware is constantly evolving and just because one family of ransomware is related to another, they don’t necessarily act in the same way — and that could be in ways which make it more dangerous.
    “If a malware is exchanged, whether to an affiliate or over the dark web, then the new operators may choose different procedures, attack vectors, and targets. They might invest considerably in the new malware, adding features and evasion techniques,” said Kennedy.
    Both QNAPCrypt and SunCrypt remain active in 2021, with QNAPCrypt in particular targeting systems that haven’t had security patches applied or are secured with weak passwords. Applying the appropriate security patches and using strong passwords — and multi-factor authentication — can go a long way towards protecting against falling victim to ransomware attacks.

    Microsoft to add new shared channels, encryption for calls, webinar features to Teams

    Credit: Microsoft

    It wouldn’t be a Microsoft event without a slew of Teams announcements. And on Day 1 of Microsoft’s virtual Ignite Spring 2021 event, officials didn’t disappoint.
    Microsoft announced a new channel-sharing feature coming to Teams broadly later this calendar year. Called Teams Connect, the feature will enable users to share channels with anyone — internal or external — to one’s organization. The shared channel will appear within a user’s primary Teams tenant, alongside other Teams channels. The new Teams Connect feature will be available in private preview starting today.
    If you’re wondering how Teams Connect compares to Teams Guest Access, it seems that with Guest Access, you can add an external user to your Teams environment, where they become a guest. With Teams Connect shared channels, multiple organizations can share a single channel that all members can then access from their own Teams environments.
    Channel sharing seems more suited for scenarios where multiple organizations are collaborating on a specific project. Guest Access seems more suited to situations where an external party needs broad access to organizational data and information, above and beyond the channel.
    See also: Microsoft Teams Panels wants to make your meetings easier when you’re back in the office | Multi-account sign-in support added (sort of) | Teams Pro adds new webinar and ‘meeting intelligence’ capabilities | Outlook reminders gain a ‘join meeting’ button
    Microsoft execs also said today that Teams will support end-to-end encryption (E2EE) for one-to-one Teams calls. IT will have discretion over which users can use E2EE. E2EE for Teams 1:1 ad-hoc VoIP calls (as the feature is known officially) will be available in preview to commercial customers later in the first half of this calendar year.
    In addition, Microsoft is officially announcing the expected webinar capability for Teams, which leaked last month under the name “Teams Pro.” Officials said today that Teams users can organize webinars for those inside and outside an organization of up to 1,000 attendees. Webinars can make use of custom registration, rich presentation options, host controls, and post-event reporting. Officials said those who want to broadcast to larger audiences (up to 20,000 people until June 30 and 10,000 after that) can switch to view-only broadcast. The webinar functionality will be included for no additional cost in many existing Microsoft 365/Office 365 business plans.
    Microsoft is adding to Teams a number of features that public speakers and PowerPoint jockeys will appreciate. PowerPoint Live in Microsoft Teams is all about enabling presenters to lead meetings with notes, slides, chat and participants in a single view. PowerPoint Live is available in Teams as of today. The new Presenter Mode in Teams lets users customize how their video feed and content appear to the audience. A mode called Standout shows the speaker’s video feed in front of shared content. Reporter and Side-by-Side modes are also coming. Standout in Presenter Mode is launching this month; Reporter and Side-by-Side are “coming soon.” In addition, there is a Dynamic View which arranges elements of a meeting prioritized for an optimal video experience, officials said. Dynamic View is scheduled for rollout later this month.
    At Ignite, Microsoft announced a new category of speakers called Teams Intelligent Speakers. Teams Intelligent Speakers can identify and differentiate the voices of up to 10 people talking in a Microsoft Teams Room. The speakers were created in partnership with EPOS and Yealink, officials said, two OEMs which both have devices certified as Intelligent Speakers. (Surface Hub also is considered a supported Teams Intelligent Speaker device, officials said.) Users can turn attribution on or off at any time for privacy and security reasons. And if these devices sound familiar, yes, there is/was a precedent: A conical speaker Microsoft demonstrated publicly in 2018 which could recognize multiple speakers even when their discussions overlapped.


    ObliqueRAT Trojan now lurks in images on compromised websites

    Cyberattackers behind ObliqueRAT campaigns are now disguising the Trojan in benign image files on hijacked websites. 

    The ObliqueRAT Remote Access Trojan (RAT), discovered in early 2020, has been traced back to attacks against organizations in South Asia.
    When first discovered, the malware was described as a “simple” RAT with the typical, core functionality of a Trojan focused on data theft — such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples. 
    Since its initial discovery, ObliqueRAT has been upgraded with new technical capabilities and utilizes a wider set of initial infection vectors. In a blog post on Tuesday, Cisco Talos said a new campaign designed to deploy the RAT in the same region has changed how the malware is served on victim systems. 
    Previously, Microsoft Office documents would be sent via phishing emails to a target that contained malicious macros leading to the direct deployment of ObliqueRAT. Now, however, these maldocs are directing victims to malicious websites instead — likely in a bid to circumvent email security controls. 
    A technique known as steganography is in play. Steganography is used to hide code, files, images, and video content within other content or file formats, and in this case, the researchers have found .BMP files that contain malicious ObliqueRAT payloads.
    Websites that have been compromised by threat actors host these .BMP files. While the files do contain legitimate image data, executable bytes are also concealed in RGB data — and when viewed, trigger the download of a .ZIP file containing ObliqueRAT. 

    According to the researchers, the malicious macros contained in the maldoc extract the archive file and deploy the Trojan on the target endpoint system. 
    In total, four new versions of the malware have been recently discovered and appear to have been developed between April and November 2020. Improvements include checks for blocklisted endpoints and computer names, as well as the ability to extract files from external storage. A new command prompt, as yet unassigned, also indicates that additional updates will occur in the future.
    ObliqueRAT has also been connected to campaigns distributing CrimsonRAT. There are potential links to Transparent Tribe (.PDF), a state-sponsored threat group Proofpoint says has previously attacked Indian embassies in Saudi Arabia and Kazakhstan. Due to C2 infrastructure overlaps, there may also be ties to RevengeRAT campaigns. 
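    As an added defensive illustration (not Talos’s tooling and not code from the original article), the following Python parses a 24-bit BMP, isolates the declared pixel area, and flags a PE header or ZIP local-file signature sitting in the RGB bytes, as well as any bytes appended after the image. The two samples it scans are constructed inline; the “stego” one carries only a fake MZ/PE marker, not a payload.

```python
import struct

HEADER_SIZE = 54  # BITMAPFILEHEADER (14 bytes) + BITMAPINFOHEADER (40 bytes)


def make_bmp(width, height, pixels):
    """Wrap a raw 24-bit pixel buffer in a minimal BMP (used only to build samples)."""
    row_bytes = ((width * 24 + 31) // 32) * 4   # rows are padded to 4-byte multiples
    if len(pixels) != row_bytes * height:
        raise ValueError("pixel buffer does not match image size")
    file_header = struct.pack("<2sIHHI", b"BM", HEADER_SIZE + len(pixels), 0, 0, HEADER_SIZE)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels


def parse_bmp_header(data):
    """Return (pixel_offset, declared_pixel_length) from the BMP headers."""
    if len(data) < HEADER_SIZE or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    _size, _r1, _r2, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    _dib, width, height, _planes, bpp = struct.unpack_from("<IiiHH", data, 14)
    row_bytes = ((width * bpp + 31) // 32) * 4
    return pixel_offset, row_bytes * abs(height)   # negative height = top-down image


def looks_like_pe(buf, idx):
    """True if 'MZ' at idx has an e_lfanew that points at a 'PE\\0\\0' signature.

    Two bytes alone would match by chance in any large image, so the PE pointer is required.
    """
    if buf[idx:idx + 2] != b"MZ" or idx + 0x40 > len(buf):
        return False
    e_lfanew = struct.unpack_from("<I", buf, idx + 0x3C)[0]
    return buf[idx + e_lfanew:idx + e_lfanew + 4] == b"PE\0\0"


def scan_bmp(data):
    """Return a list of (finding, file_offset) for markers hidden in or after the pixel data."""
    pixel_offset, pixel_len = parse_bmp_header(data)
    body = data[pixel_offset:]   # pixel rows plus anything appended after them
    findings = []
    idx = body.find(b"MZ")
    while idx != -1:
        if looks_like_pe(body, idx):
            findings.append(("pe-header", pixel_offset + idx))
        idx = body.find(b"MZ", idx + 1)
    idx = body.find(b"PK\x03\x04")
    while idx != -1:
        findings.append(("zip-local-header", pixel_offset + idx))
        idx = body.find(b"PK\x03\x04", idx + 1)
    if len(body) > pixel_len:   # data beyond the declared image is itself suspicious
        findings.append(("trailing-bytes", pixel_offset + pixel_len))
    return findings


# Constructed samples: an 8x8 flat-grey image, the same image with a fake PE stub written
# into its pixel bytes, and the clean image with a ZIP signature appended after the pixels.
_ROW = 24   # padded row length for 8 px at 24 bpp
CLEAN_BMP = make_bmp(8, 8, bytes([0x7F]) * (_ROW * 8))
_stego = bytearray(bytes([0x7F]) * (_ROW * 8))
_stego[0:2] = b"MZ"
struct.pack_into("<I", _stego, 0x3C, 0x40)   # e_lfanew -> 0x40
_stego[0x40:0x44] = b"PE\0\0"
STEGO_BMP = make_bmp(8, 8, bytes(_stego))
APPENDED_BMP = CLEAN_BMP + b"PK\x03\x04" + b"\0" * 16

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_BMP), ("stego", STEGO_BMP), ("appended", APPENDED_BMP)):
        print(name, scan_bmp(sample))
```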

    Google Cloud, Allianz, Munich Re team up on cyber insurance program

    Google Cloud, Allianz Global Corporate and Specialty (AGCS), and Munich Re are pairing up to make cyber insurance more mainstream and embed it into cloud services.


    The partnership comes as it becomes increasingly clear that cyber insurance is going to play a role in enterprises of all sizes. Specifically, the trio of companies is launching the Risk Protection Program.
    Also: What is cyber insurance? Everything you need to know
    The Risk Protection Program aims to cut cloud security risks and offer cyber insurance designed for Google Cloud customers. What’s notable about the program is that cyber insurance, which is evolving, could become more mainstream should it be resold via technology providers.
    Sunil Potti, general manager and vice president of Google Cloud Security, said that the partnership with Allianz and Munich Re has been “in the works for a few years.” Potti added that cyber insurance is an effort to turn the concept of shared responsibility of security into shared fate. “This is the first down payment on that journey,” said Potti.

    Should the Google Cloud, Allianz, and Munich Re model be emulated, businesses could procure cyber insurance through enterprise software makers, security companies, web hosting firms, and other providers.
    Google Cloud said that the Risk Protection Program aims to address the reality that more sensitive workloads are being housed in the public cloud. That fact also means that risk protection has to be more integrated with services. Customers, who were previously expected to create their own security models, will be able to leverage Google’s Trusted Cloud and layer in cyber insurance protection.

    The parts of the Risk Protection Program go like this:
    • Risk Manager, a diagnostic tool that enables Google Cloud customers to manage and measure risks on the platform and get reporting. The Risk Manager tool is available to Google Cloud customers by request and will be prioritized for Security Command Center Premium customers in the US.
    • Cloud Protection +, a cyber insurance product offered by AGCS and Munich Re and designed for Google Cloud customers.
    Customers would run Risk Manager and send the results to AGCS and Munich Re to obtain a quote for cyber insurance if eligible for Cloud Protection +. The companies’ theory is that cyber insurance procurement will be easier if integrated with Google Cloud.

    A model to expand cyber insurance
    AGCS said Cloud Protection + will cover cyber incidents within their own corporate environments as well as on Google Cloud.
    For now, the offering is targeted at US Google Cloud users, but “this offering may be offered globally at a later date.”
    Bob Parisi, head of cyber solutions at Munich Re, said that the partnership with Google Cloud will streamline applications and underwriting. Parisi added that Risk Manager will connect data to the underwriting process, but Munich Re and Allianz aren’t monitoring corporate networks in real time. “Risk Manager gives us an inside-out look at a company,” said Parisi. “We’re driving underwriting toward a more data-driven approach.”
    Thomas Kang, the North American head of cyber, tech, and media at Allianz, said the goal was to make a program that was cloud-first given that’s where workloads are going.
    The other moving part is that Risk Manager could gauge security posture of an enterprise over time. As a result, the more frictionless experience may improve underwriting speed as well as discounts over time.
    Google Cloud also gets a bump from cyber insurance via the Allianz and Munich Re partnership. By leveraging cyber insurance partnerships, it can target more regulated industries such as financial services and healthcare. Allianz and Munich Re will share the coverage 50/50.
    Bottom line: The Google Cloud alliance with Allianz and Munich Re may provide a blueprint for other cloud and tech services providers to emulate. You can expect similar bundles going forward aimed at enterprises of all sizes.