Axis Communications Opens New Axis Experience Center in NYC

Axis Furthers National Expansion Plans with Latest State-of-the-Art Technology Center in Manhattan

Axis Communications’ new Axis Experience Center (AEC) officially opened in New York City in conjunction with ISC East on November 17, 2021, providing area business leaders, security professionals and system integrators direct access to the latest in network solutions and dedicated technology specialists. The Manhattan-based facility is the latest addition to Axis’ network of AECs across the US and around the globe, which are focused on fostering business relationships and technological innovation as well as providing hands-on experience with Axis IP-based solutions.

“A global hub of culture and business, New York City is truly one of the greatest cities in the world, so it’s the perfect location for our newest Axis Experience Center,” said Larry Newman, Senior Director of Sales, Axis Communications. “We look forward to directly connecting with more partners and customers in our efforts to strengthen relationships, foster creativity and ultimately enhance security and business operations through cutting-edge solutions. In New York and beyond, all Axis partners should consider our wide-ranging network of AECs as an extension of their own business--a place where they can congregate with their teams, engage in trainings, host their customers and demo our latest solutions.”

Read more here


The LPF Announces 2021 MacLea Scholarship Recipients

(Mooresville, NC - November 17, 2021) Thanks to the generosity and support of the Loss Prevention Foundation's Swing for Certification sponsors, even though the golf tournament had to be postponed again this year, 111 Bob MacLea LPQ & LPC Course Scholarships have been awarded to deserving industry professionals! Scholarship recipients will be notified via email and will be required to attend an official scholarship kick-off call in order to access their course.

"The mission of the LPF is to educate professionals in the loss prevention / asset protection industry through our world-class LPQ and LPC courses," commented Terry Sullivan, LPC, President of the LPF. "Our tournament sponsors have helped us to fulfill that mission and we simply cannot thank them enough. We look forward to 2022 when, once again, we will host the Swing for Certification golf tournament, in-person, in conjunction with the NRF Conference in Cleveland, Ohio."

Click here to see the full list of recipients
 

CISA Issues Alert Over Iranian Cyber Threats
Iranian government-backed hackers target critical infrastructure with ransomware, US says
U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure.

The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian “advanced persistent threat” groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care.

In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations,” the subject of another recent CISA alert.

“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,” the Wednesday alert states. “These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.”

While the U.S. government has accused individual Iranian hackers of distributing ransomware in the past — such as with charges filed in the attack on the city of Atlanta — and while the U.S. has criticized the Iranian government for its activities in cyberspace, Wednesday’s alert combines both trends.

The joint alert follows research unveiled on Tuesday at the CyberWarCon conference, where Microsoft and CrowdStrike both revealed details about how suspected Iranian government-linked hackers had used ransomware as a disruptive tool. cyberscoop.com

Infrastructure Bill Features $1.9 Billion in Cyber Funding
CISA Leader: 'We've Not Seen a Change' in Ransomware Attacks

In Hearing, DHS Cyber Officials Outline Counter-Ransomware Efforts

Several key federal cybersecurity leaders in the U.S. on Wednesday outlined the Biden administration's approach to countering ransomware, which they called a national security issue. The leaders are backing incident reporting legislation and assessing Russia's progress in curbing attacks conducted within its borders.

Based upon the reporting made to the federal government at this time, we've not seen a change in the amount of ransomware targeting [the U.S.]," said Brandon Wales, executive director of the U.S. Cybersecurity and Infrastructure Security Agency.

"It seems to me [then], that Russia has broken its promise," Rep. Ritchie Torres, D-N.Y., responded.

Robert Silvers, Department of Homeland Security undersecretary for the Office of Strategy, Policy, and Plans, and Jeremy Sheridan, assistant director of investigations for the Secret Service, also outlined executive-level efforts to combat ransomware - including the continuation of international law enforcement actions, indictment of known cybercriminals and seizure of operators' cryptocurrency proceeds.

'Safe Havens in Russia and China'

In this House Homeland Security Committee session, entitled "A Whole-of-Government Approach to Combating Ransomware: Examining DHS' Role," Rep. Elissa Slotkin, D-Mich., chairwoman of the Intelligence and Counterterrorism Subcommittee, said, "I'm pleased that we're strengthening [efforts] against ransomware and I'm glad that it's bipartisan - that's an extremely important thing. And we know DHS is a key federal player in this whole conversation."

DHS' Silvers said the administration is "taking the fight to" those carrying out ransomware attacks - done in part by the Treasury Department's first-ever sanctions against cryptocurrency exchanges allegedly tied to ransomware transactions - the Russia-based Suex and Chatex platforms, and Department of Justice's efforts to claw back millions of dollars in cryptocurrency from actors behind prominent attacks.

Secret Service Efforts

The Secret Service's Sheridan told Congress that its investigative teams across 100-plus global offices have responded to over 700 network intrusions, prevented $2 billion in financial losses and returned over $54 million to victims through asset forfeitures. govinfosecurity.com

From Russia With Love
Russian cyberspies target cloud services providers and resellers to abuse delegated access
The group of hackers responsible for the SolarWinds software supply chain attack have continued to seek out ways of indirectly gaining access to enterprise networks by targeting IT and cloud services providers that have admin rights on their customers' systems through virtue of their business relationship.

In a new report this week, Microsoft warns that since May, the group known as Nobelium has targeted over 140 cloud service resellers and technology providers and has succeeded to compromise as many as 14. Nobelium, also known as APT29 or Cozy Bear, is considered the hacking arm of Russia's foreign intelligence service, the SVR.

"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling—now or in the future—targets of interest to the Russian government," Tom Burt, corporate vice president for Customer Security & Trust at Microsoft, said in a blog post.

Compromise one to compromise many in the supply chain

Supply chain attacks can come in many forms. They can involve Trojanized software updates like in the SolarWinds, CCleaner (Winnti), NetSarang (ShadowPad) or M.E.Doc (NotPetya) incidents or can involve the abuse of privileged access granted to external contractors, business partners, or IT services providers. The 2013 credit card breach at Target traced back to the compromised credentials of an HVAC subcontractor. In the past several years, many managed services providers (MSPs) around the world were targeted by ransomware groups to abuse their access to corporate networks. csoonline.com

North Korea's Cyber Espionage Group
Previously unreported North Korean espionage part of busy 2021 for country's hackers
A North Korean cyber espionage group known primarily for targeting think tanks, advocacy groups, journalists and others related to Pyongyang’s adversaries around the world has been quite prolific in 2021, according to email security firm Proofpoint.

The stepped-up action includes launching near-weekly attacks, among them two previously unreported campaigns.

In findings published Thursday, the firm examined the activities of a group it refers to as TA406, which it considers to be one of the components of an organization known more broadly as Kimsuky that’s been active since at least 2012. The U.S. government issued a public alert to the private sector in October 2020 about Kimsuky, warning of spearphishing, watering hole attacks and other methods designed to steal credentials.

TA406 targets research, education, government, media and other organizations for credential theft, Proofpoint analysts Darien Huss and Selena Larson wrote. The group’s other activities involve financial crimes and sextortion, and an increased use of malware. The campaigns remained “low in volume” until the beginning of January 2021, but starting then and through June 2021, the group launched “almost weekly campaigns,” the researchers wrote. cyberscoop.com

Ransomware fueled record year for UK cyber response

TikTok scammers tried hacking 125 targets that followed famous accounts
 

Cannabis Security Operations
From Seed to Sale: Securing a Cannabis Operation Poses Unique Challenges
Like any business, a cannabis operation requires certain licenses, approvals and audits before opening the doors. While regulations and security requirements differ across states, almost all require some form of electronic alarm and surveillance system, along with audit trails, whether paper or electronic, that must be archived.

Every location that has legalized medical or recreational marijuana has stringent licensing requirements, whether for grow operations, edibles manufacturing, processing plants, dispensaries or transportation and the newer delivery services. While these regulations may differ in details, in almost all cases, they include having an acceptable security plan in place.

Video Surveillance Required

While rules differ state to state, nearly all states that have fully legalized cannabis require video surveillance 24/7 throughout the entire facility. An average dispensary might have up to 40 cameras. A large-scale grow operation could have more than a hundred cameras to ensure proper surveillance of the product and the harvesting process. No matter the business function, the perimeter needs to be protected and there can be no “dead zones” where a camera’s field of view is obstructed. All hard and soft potential physical security threats (customers, employees, delivery people, packages) entering the premises must be tracked using the video system, along with any human or product movement that occurs within the facility.

Seed-to-Sale Tracking

Seed-to-sale is the process of tagging each and every cannabis plant with a barcode or radio-frequency identification (RFID) marker that allows tracking from a grow operation (seed) to cultivation, processing and final sale. For cannabis customers, everything they buy has a batch number, complete with the lot and date – allowing them to learn the full lifecycle of the product. Such tracking measures exceed those in a pharmacy, where customers rarely find such specifics.

Video Analytics Optimize Dispensary Security - Remote Video Access & Investigations - Cash Management: securityindustry.org

Security & Compliance Top of Mind at Cannabis Conferences
3 Cannabis Security Take-Aways From MJBizCon and MJ Unpacked 2021
This year, the first in-person MJBizCon since 2019 was a success with 35,000 people in attendance. The conference, which took place from October 19-22 at the Las Vegas Convention Center, hosted over 1,300 exhibitors covering every aspect of the cannabis industry.

In addition to those in attendance at MJBizCon, an alternate, more exclusive conference titled MJ Unpacked hosted another 2,500 ‘delegates’ from retailers, brands, investors, and delivery/distribution services.

Though each event had their purpose, it was obvious that security and compliance are still major factors in licensing and operating a profitable cannabis business.

#1: Increased Focus on Training and Standard Operating Procedures
As this industry continues to grow and more states come on board with legalization, the need for training and established standard operating procedures will continue to grow. MSOs (multi-state operators) and branded cannabis ‘chains’ are becoming more common and these businesses require standardized training and operating procedures to ensure their company runs smoothly. This increased focus was apparent at both shows, with companies like WēEd by Learning Rebels, BuildMySOP.com, and iComply in attendance.

#2: Smart Safes and Cash Counters are Becoming More Popular with Retailers
Although smart safes and advanced cash counters are relatively new in the security industry, the cannabis industry has adapted to include them rather quickly. These physical security elements had a much larger presence at MJBizCon and multiple exhibitors throughout the conference hall had these devices on display, such as Southern California Safe Company, Smart Safe USA and Tidel. Since retailers often have large quantities of cash on-site, these smart safes and cash counters help these businesses remain in compliance.

#3: Businesses Want More Advanced Security Technologies
While most cannabis businesses are required by regulation to have alarms and video surveillance, modern cannabis business owners are looking to secure their facilities using more advanced security technologies such as analytics and remote functionalities. Multiple exhibitors innovative video cameras, surveillance systems, and other security devices that can work interconnectedly to secure a business such as Hanwha Techwin America, March Networks, and Safety Vision. This desire for more advanced security technologies will likely continue to grow as the industry continues to develop. sapphirerisk.com