FRT Algorithms Improving Recognition Rates With Masks
Biometrics work too well with face masks for criminals to hide; or for anonymity
Since the beginning of the pandemic, an increasing number of face biometrics developers have stepped up their efforts to improve the recognition rates of individuals wearing masks.

It was a necessity to keep people safe from COVID-19 while also securing areas from unwanted visitors, and so the technology soon spread from everyday scenarios to more specific ones, such as industrial, academic, and many others.

Face masks, however, have historically not only been worn only by individuals trying to limit the spread of diseases but also by those aiming to conceal their identity for nefarious purposes.

Despite the worst of the pandemic being (hopefully) behind us, many biometrics companies have continued to improve mask recognition algorithms, while others have deployed the technology for surveillance-related goals. biometricupdate.com

Deep Learning-Based Face Recognition Technology with an Accuracy of 99.95% for Facial Recognition Even for a Person Wearing a Niqab
The limits of facial recognition software when a person’s face is partially hidden, as can happen when wearing a veil or protective face mask, are the subject of research published in the International Journal of Biometrics.

Full-face biometric identification has been the subject of a substantial amount of research. However, employing faces that are only partially visible, like veiled people, is difficult. In this study, the deep convolutional neural network (CNN) is used to extract characteristics from photographs of veiled people’s faces.

The researchers claim that their deep-learning technique for facial recognition is 99.95% correct, even when a person is wearing a niqab, which mostly hides the face except for the eyes. Age estimation and gender recognition by the algorithms are both 99.9% correct. Examining the eyes can identify a veiled person or wearing a COVID mask as happy or frowning with an accuracy of 80.9%.

As algorithms and software have advanced, it is no longer necessary to have a clear face-on image to confirm a person’s identification as it was in the early days of traditional facial recognition systems. Therefore, it is conceivable that DeepVeil will experience the same thing with the proper strategy and continued development. marketpost.com

Porch piracy enters Capitol Hill’s crosshairs
In mid-May, U.S. Rep. Dean Phillips, D-Minn., introduced legislation to punish the theft of packages delivered by private-sector companies in the same way a thief would be hit for stealing parcels delivered by the U.S. Postal Service. The legislation would give prosecutors broad jurisdiction to determine the types of incidents that warrant felony charges.

The Porch Piracy Act, which as of early August had 70 legislative co-sponsors, is designed to bring uniformity to the punishment meted out to so-called porch pirates. Under federal law, stealing a package delivered by the Postal Service is a felony punishable by up to five years in prison and a $250,000 fine.

States getting tougher

Eight states have passed laws in the past three years elevating all porch theft from a misdemeanor to a felony Five more, including California and New York, have introduced similar legislation, according to the data.

A law in New Jersey signed earlier this year allows prosecutors to seek fines against porch pirates of up to $15,000 or three to five years in prison. In Kentucky, a bill signed into law in June makes porch piracy a class D felony punishable by one to five years in prison. freightwaves.com

Dallas-Fort Worth flood caused as much as $6 billion in damages
Gov. Greg Abbott to sign a disaster declaration for 23 counties, including Dallas and Tarrant.

The estimated damages would make the flood one of the costliest storms in Texas in the past four decades. 3,500 property claims, 1,300 auto claims and less than 20 flood claims had been filed through National Flood Insurance Program.

Restaurants and bars in Deep Ellum, downtown and East Dallas were some of the areas hit hardest. dallasnews.com

What First Responders Use Retailers Will End Up Benefiting From & Using
DHS: Urban OpEx—New York City Is a Testbed for First Responder Tech
For the Science and Technology Directorate’s (S&T) National Urban Security Technology Laboratory (NUSTL), working in Manhattan is business as usual. As the official Department of Homeland Security lab for testing and evaluating current and emerging first responder technologies.

Over the course of a week in late July, staff from NUSTL and across S&T collaborated with several federal, state and local agencies for the 2022 Urban Operational Experimentation (OpEx), which also brought together technology developers and first responders to take part in demonstrations and evaluations.

Urban OpEx put seven new and emerging technologies into the hands of 150+ first responders from all over the country so they could explore each one’s features, functions, and capabilities, then give end-user feedback to the developers behind these tools.

The lineup of technologies for the week featured unmanned aircraft systems (UAS), deployable robotics, handheld sensors, AI-enabled gun detection, incident management and situational awareness platforms, and deployable communications. The OpEx planning team selected participating technologies by validating them against specific criteria including that each fell into a least one priority area identified for S&T by first responders themselves. Info & Feedback to be published on S&T website. dhs.gov

270+ Delivery Drivers Sickened & Hospitalized
UPS Drivers Say ‘Brutal’ Heat Is Endangering Their Lives
As blistering heat waves swept across the United States this summer, breaking temperature records and placing millions under heat advisories and warnings, workers like Mr. Gubell have continued to deliver America’s packages for a variety of carriers, often in trucks that have no cooling mechanisms for drivers. Some UPS workers have shared photographs that show thermometer readings of up to 150 degrees in the backs of their trucks.

Now, a string of heat-related illnesses among the drivers has renewed calls to improve their working conditions.

“They’re vomiting, their bodies are shutting down,” said Dave Reeves, the president of Local 767, a Texas local of the International Brotherhood of Teamsters, which represents 350,000 UPS workers across the country. He added, “It’s awful.”

Government records show that the problem is not isolated: Since 2015, at least 270 UPS and United States Postal Service drivers have been sickened and in many cases hospitalized from heat exposure. Dozens of workers for other delivery companies, including FedEx, have also suffered from heat exhaustion, according to the records, and a handful of drivers have also died in the past few years. According to the Teamsters, heat-related injuries, illnesses and deaths among drivers are severely underreported. nytimes.com

Talk About Forcing a CEO to Apologize
Starbucks illegally withheld raises from union workers, labor board says

The coffee chain has been trying to tamp down a national organizing campaign

Starbucks illegally withheld wages and benefits from thousands of unionized baristas, the National Labor Relations Board alleged in a complaint Wednesday.

More than 230 locations have joined the Starbucks Workers United union since late 2021, driving a surge in unionization nationwide.

The NLRB seeks back payments and benefits for unionized workers since May and to require Schultz to read a statement to workers about their union rights. The board said Starbucks’s denial of benefits and raises to union workers was intended to discourage union organizing.

The labor board is also requesting that Starbucks provide a copy of all payroll records, time cards and personnel reports so that it can analyze the amount of back pay owed to workers. The remedy outlined by the complaint would require that the company send apology letters to all affected baristas and conduct a training for managers and supervisors on workers’ rights and labor law. washingtonpost.com

The Case Against 'Just Walk Out'
Cost of Amazon’s Just Walk Out technology “far too great”
The cost of Amazon’s Just Walk Out (JWO) technology is “far too great” for the concept to work properly, according to LS Retail director of business development Sigurður Ari Sigurjónsson.

Sigurjónsson criticized the model on his LinkedIn, saying: “One of the reasons (it won’t work) is that the cost of technology in the beginning is far too great for this concept to work.”

“Putting in all this investment upfront in AI, security equipment and all the other hardware means that you need to either have a lot of foot traffic through your store or high enough margins. In this case the technology is just a burden on Amazon’s operations!” chargedretail.co.uk

Dillard's Is Closing Stores, Starting Aug. 27

REI employees vote to unionize at Berkeley store

Bloomingdale’s opening second store under 'Bloomie’s' banner


Quarterly Results

Correction: Ulta Beauty Q2 comp's up 14.4%, net sales up 16.8%

Movado Q2 U.S. net sales down 5.4%, Intern. sales up 15.3%, net sales up 5.1%

Hibbett Q2 cop's down 9.2%, net sales down 6.3%

Gap Q2 comp's down 10%, online sales down 6%, store sales down 10%, net sales down 8%
   Old Navy comp's down 7%, net sales down 10%
   Gap comp's down 7%
   Banana Republic comp's up 8%, net sales up 9%
   Athleta comp's down 8%, net sales up 1%

Shoe Carnival Q2 comp's down 13.8%, net sales down 6%
 

Senior LP & AP Jobs Market

Cool Job:
Dir. Global Security Operations Center job posted for NFL in Mount Laurel, NJ
The NFL’s Global Security Operations Center (GSOC) helps leadership understand internal and external events that impact the key metrics of its businesses. The objective is to respond more rapidly and effectively to information, whether it involves terrorism, criminal matters, brand sentiment, employee issues, or exigent circumstances. hdmm.fa.us6.oraclecloud.com
 

Planning Cybersecurity Budgets for 2023
How 2023 cybersecurity budget allocations are shaping up

Security spending is not expected to slow much next year as organizations look to improve cloud defenses, rely more on MSSPs.

Cybersecurity spending in the coming year may not be recession-proof, but it's likely to be recession-resistant. Still, pressure remains on security leaders to prioritize technologies that generate the most bang for the buck. Forrester released a report Tuesday to help organizations do just that.

"It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice President and Research Director Merritt Maxim.

Firms under-spending on cloud security, over-spending on on-premises security

The report notes that one area where organizations may be under-spending is on cloud security. Given that 58% of organizations will have moved their application portfolios to a public cloud in the next two years, it says, security teams, while spending a notable amount on cloud security, aren't spending enough given the percentage of workloads migrating to the cloud. They need to spend far more, it adds.

On the other side of the ledger, the report maintains that organizations may be spending too much on on-premises security-related items. It found that when expenditures for maintenance, licensing, upgrades, and new investment are combined, on-premises spending is the largest expenditure in security budgets—41% for organizations that spend 20% or less of their IT budgets on security; 38% for those spending more than 20% of their IT budgets on security.

Cutting security awareness training won’t save in the long term

An area tempting for cuts by budget makers, the report notes, is security awareness and other kinds of training. It’s tempting to cut spending in these areas when the economic picture darkens, but it won’t save much compared with other expenditures, it contends, and it will exacerbate the skills shortage and sacrifice the ability to instill trust just when borderless, anywhere work organizations need it most.  csoonline.com

Twitter on the Hot Seat after Whistleblower Complaint
Senate scrutiny on Twitter heats up after whistleblower complaint

Twitter whistleblower Peiter Zatko has been called to testify in front of the Senate Judiciary Committee next month

The Senate Judiciary Committee called Twitter whistleblower Peiter Zatko to testify Sept. 13 about his allegations of widespread security failures at the social media company.

Zatko, also known in the hacker community as “Mudge,” served as Twitter’s chief of security until being fired in January. He alleged in a July whistleblower complaint filed with the Securities and Exchange Commission that Twitter employees had poorly controlled access to the company’s systems, a situation that led to high-profile hacks, and that the company ran vulnerable outdated software on its systems.

The whistleblower complaint was first reported by the Washington Post and CNN.

“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” wrote Sens. Dick Durbin, D-Ill., and Chuck Grassley, R-Iowa, the Senate Judiciary’s chair and top Republican respectively. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”

Twitter said in a statement that Zatko was fired for “ineffective leadership and poor performance,” and said his complaint is “riddled with inconsistencies and inaccuracies.”

Zatko’s allegations suggest that Twitter may have violated a 2011 consent decree it reached with the Federal Trade Commission. Twitter in May agreed to pay $150 million to settle allegations by the Justice Department and FTC that the company violated the order when it used users’ telephone numbers and email addresses it collected for account security for marketing without telling users. cyberscoop.com

Paying Big Bucks to Hack into iOS & Android Devices
Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8M

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for roughly $8 million.

Exploit brokers and mercenary spyware providers have been in the spotlight recently, mainly due to revelations surrounding the use of the controversial Pegasus solution of Israeli company NSO Group.

One of NSO’s fairly new competitors is Intellexa, a company founded by Israeli entrepreneur Tal Dilian. The company claims on its website that it’s offering technologies that empower law enforcement and intelligence agencies to ‘help protect communities’. The company says it’s based in the EU and regulated, with six sites and R&D labs in Europe.

Vx-undergroud, which provides malware source code and other cybersecurity resources, posted some screenshots on Twitter on Wednesday showing several documents apparently representing a commercial proposal from Intellexa.

The offer includes 10 concurrent infections for iOS and Android devices, as well as a “magazine of 100 successful infections”. The leaked documents also show a partial list of Android devices against which an attack would supposedly work.

The documents, labeled as proprietary and confidential, describe services for remote data extraction from Android and iOS devices. Specifically, the offering is for remote, one-click browser-based exploits that allow users to inject a payload into Android or iOS mobile devices. The brief description suggests that the victim has to click on a link for the exploit to be delivered.

The documents are not dated, but vx-undergroud said the screenshots were posted on the Russian-language hacker forum XSS on July 14. securityweek.com

47% Surge in Ransomware Attacks
Ransomware attacks jump as new malware strains proliferate, research finds
Ransomware cases jumped 47 percent amid a rise in attacks involving newer strains of malicious software infecting targets, according to the cybersecurity firm NCC Group.

Reported incidents increased to 198 in July from 135 in June, according to the firm that issues semi-regular reports on ransomware activity by tracking websites that post victims’ details.

Just this week, ransomware attackers associated with LockBit, which has been deploying a potent new version of its malware, hobbled a French hospital, causing some patients to have to be redirected to other facilities.

LockBit was associated with 62 incidents in July, according to NCC Group, nearly 20 percent higher than its June total of 52 known incidents. LockBit remains “the most threatening ransomware group, and with which all ogranisations should aim to be aware of,” the company wrote. cyberscoop.com

Attackers Bypassing MFA
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years.

But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers.

We have already seen attacks involving SIM swapping, exploitation of vulnerabilities, rogue apps, legacy authentication protocols, MFA prompt bombing (aka MFA fatigue), stolen session cookies, and (custom) phishing kits with MFA-bypassing capability. helpnetsecurity.com

More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

Google researchers expose Iranian hackers' tool to steal emails from Gmail, Yahoo and Outlook

Albuquerque, NM: State and local leaders focusing on retail crime solutions
There's a new partnership between the Coronado Mall and the Bernalillo County Sheriff's Office. “So for those would-be thieves out there. Look out, because there's a new sheriff in town,” said Randy Chavez, general manager for the Coronado Mall. The sheriff's office now has a substation at the south entrance of the mall. “The proactive operations that we are doing are extremely successful," said Bernalillo County Sheriff Manny Gonzales. Gonzales explained how a recent operation at the mall has proven successful in catching over 100 thieves in a two-week period. “One hundred percent of the property was recovered, leading to tens of thousands of dollars of merchandise that was not stolen,” Gonzales said. But New Mexico lawmakers say there is still work to be done when it comes to retail crime in New Mexico. news.yahoo.com

Chesterfield County, VA: Caught on camera: Three men suspected of stealing $8k in merch from Sunglass Hut
The Chesterfield County Police Department is searching for three men caught on camera, suspected of stealing from a store in the county. Police said the men are suspected to have stolen $8,000 worth of merchandise from Sunglass Hut on Tuesday, Aug. 23. According to Chesterfield Police, the man wearing a face mask is suspected to have been involved in a theft at the same store on Aug. 10. wric.com

Tukwila, WA: Right place, right time as cop stops theft of thousands of dollars in retail theft
A patrol officer with the Tukwila Police Department recovered several thousand dollars worth of clothes from an organized retail theft crime ring after conveniently being in the right place at the right time. Suspects were exiting a store with carts and bags loaded with stolen merchandise when an employee tried to stop them, one of the thieves laughed and said “I’m going to push this cart right out those doors, and you’re not going to stop me or do anything about it.” The employee pointed to the officer walking towards the store and said, “No, but he is.” The suspect left the merchandise and fled the scene. An active incident at a Walmart was reported in a Bellingham Walmart on Wednesday. Police received reports of a man who had tried to steal a shotgun and ammunition from the Walmart and tried to flee the store. Bellingham police, with the help of a K-9 team, tracked down the man by 6:30 p.m. Police said he tried to hide the shotgun, but it was recovered and the man was arrested. mynorthwest.com

San Francisco, CA: After multiple thefts, contractor takes on finding stolen tools
From car break-ins to shoplifting, much has been said about property crime in San Francisco. For one set of victims, theft doesn't just come with a cost, it's making it difficult to work. "Remodel," explained contractor Dan McCann as he walked through a home under renovation in Oakland. "Total interior. Addition, front and back." "This is the third time I've been hit pretty big," McCann added. The third time convinced him to take on another job, tracking down his stolen property, and he said it wasn't that hard to find: A resale website and a seller who may not be the thief, but has thousands of items for sale. "This is the guy who tried to sell me my stuff back," McCann said, pointing to an online profile. "You can see here, 2,600 items sold on OfferUp. So I met up with him." Police say they cannot comment, as they now have several ongoing investigations into the fencing of stolen property. They encourage everyone to record serial numbers, and put distinct markings on tools in case they do go up for sale. This is a frequent, and costly problem. kvoa.com

Bossier City, LA – Police seeking 2 suspects in $700 Home Depot theft

Tulsa, OK: Police looking to identify two people of interest from retail store theft