Mass Shootings Raise Questions About Security and Training

Perpetrators at workplaces are typically insiders who know safety procedures, study finds

Mass shooters who target schools and workplaces are typically insiders such as students or employees, calling into question the effectiveness of security measures and training, according to one of the most comprehensive studies of the subject.

Barriers and locks meant to block outsiders and active-shooter drills do little because most attackers already have access and are aware of the procedures, said the authors of the study, Jillian Peterson and James Densley. The university professors have created a mass-shooter database that goes back more than 50 years.

The most common site for a mass shooting since 1966 is the workplace, Mr. Densley and Ms. Peterson found. Next was a category that includes restaurants, bars and nightclubs, followed by retail establishments, schools, houses of worship and colleges. wsj.com


What a Security Products Blacklist Means for End Users & Integrators
A recent US Commerce Department blacklist of several Chinese entities leaves a looming question: What happens if your products are now prohibited?

The recent blacklisting by the US Department of Commerce bars 28 Chinese security and technology companies from buying parts and components from US firms without US government approval. Among the companies named are two of the world's largest video surveillance manufacturers, Hikvision and Dahua Technology, and several startup firms that specialize in AI, voice recognition, and data. The US government accuses them all of playing a role "in the implementation of China's campaign of repression, mass arbitrary detention and high-technology surveillance," the Commerce Department filing states.

These prohibitions are causing complications for IT and physical security professionals, especially those with government contracts. They need to weigh the security risks of using these tools versus the risk of not using them. A complex international supply chain also makes it hard to evade all these potential entrapments.

Questions About Supply Chain Security Now in Play
Danielle VanZandt, security analyst for Frost & Sullivan, says Dahua's and Hikvision's positions within the overall global digital surveillance market makes their blacklisting somewhat of a shock, with the immediate effects touching off significant questions among US partners, end users, and supply chain partners about the state of the security products supply chain.

The Path Forward if You're Impacted
What if you are using products from an impacted entity? The instructions for how to proceed are murky. VanZandt says she only recommends rip-and-replace to end users who were already considering updates to their systems. It is unnecessary to incur the huge expense that a total system replacement would require based solely on the blacklist. However, she does not recommend that end users or systems integrators just "hope for the best" either when it comes to the security products they are using. The list could present an opportunity for a fresh evaluation of systems in place. darkreading.com

U.S. Adds 22 to Commerce’s Entity List


90 Voice Fraud Attacks Occur Every Minute
Pindrop®'s annual Voice Intelligence Report has uncovered skyrocketing fraud rates, with 90 voice channel attacks occurring every minute in the U.S.

Additional key findings include:

● Voice fraud continues to serve as a major threat, with rates climbing more than 350 percent from 2014 to 2018

● The 2018 fraud rate is 1 in 685, remaining at the top of a five-year peak

● Insurance voice fraud has increased by 248 percent as fraudsters chase policies that exceed $500,000

● In 2018, 446 million records were exposed from more than 1,200 data breaches

● The industries facing the highest fraud risks include insurance (1 in 7,500 fraudulent calls), retail (1 in 325 fraudulent calls), banking (1 in 755 fraudulent calls), card issuers (1 in 740 fraudulent calls), brokerages (1 in 1,742 fraudulent calls), and credit unions (1 in 1,339 fraudulent calls)

The report details emerging fraud threats, the birth of the conversational economy, and why voice authenticated customer experience is the next revenue battleground for enterprises.

In the report, Pindrop highlights how synthetic voice attacks will soon become the next form of data breaches. In the near future, we will see fraudsters call into contact centers utilizing synthetic voices to test companies on whether or not they have the technology in place to detect them, particularly targeting the banking sector. securitymagazine.com

Two Tuna Co. SVP's Admit to Price-Fixing in Ex-Bumble Bee CEO Trial
A former StarKist executive testified Tuesday in the criminal price-fixing trial of former Bumble Bee CEO Christopher Lischewski, highlighting for a California federal jury the tuna industry leadership’s close relationships and how he worked with executives at Bumble Bee and Chicken of the Sea to fix prices. StarKist’s former SVP of sales and trade marketing, Steve Hodge, told the jury that he participated in the price-fixing scheme with Bumble Bee and Chicken of the Sea in order to “compress the levels of competition” and to “keep a level playing field” between the leading canned tuna companies. Last week, the jury heard similar testimony from Walter Scott Cameron, Bumble Bee's former senior vice president of sales who reported directly to Lischewski, on how exactly he participated in the price-fixing conspiracy and that he had entered a plea deal with the government. law360.com

H&M Wants Worker Bag Check Class Cert. Revoked
H&M has urged a California federal judge to decertify classwide treatment on claims that workers weren’t paid for time spent in security checks after their shifts ended, arguing the clothing chain doesn’t have a uniform practice of requiring every worker to go through such a check post-shift. The company said Thursday there were a number of reasons to undo an August 2018 decision in which U.S. District Judge Edward Davila granted class certification on claims stemming from H&M Hennes & Mauritz LP’s post-shift inspections. For one thing, the company said that there isn’t a common policy that all workers have to get checked after they clock out, claiming that only those with bags need to be checked. law360.com

Hong Kong Protesters Direct Anger at Police as Violence Flares
Public anger at Hong Kong’s police force has become a driving force behind a protest movement that is increasingly marked by violent confrontations, after beginning as peaceful opposition to Beijing’s growing influence over the city’s affairs. That fury was on full display after police shot a 21-year-old protester at close range on Monday, marking the third such incident during this year’s unrest and triggering more clashes throughout the day. The man, identified by friends as Patrick Chow, a hotel-management student, remained in critical condition after undergoing emergency surgery. wsj.com

Hong Kong defies protests:
Causeway Bay remains the most expensive shopping street for retail
The Cushman&Wakefield ranking uses data collected before the protests started. New York’s Fifth Avenue and London’s New Bond Street are placed in second and third position. themds.com
 

Black Friday Just Isn’t What It Used to Be
Online Shopping on Thanksgiving - Sales Throughout November - The Amazon Effect

Apparently, Black Friday is declining in its impact on holiday spending. According to PwC’s holiday outlook report, Black Friday is being “muted” by changing consumer behavior. The report also found that shoppers plan to spend about $1,200 this year on gifts and items for themselves. The PwC data follows forecasts that vary widely, and show apparel sales coming in about flat this year.

PwC surveyed shoppers and found that “only 35 percent of consumers plan to shop on Black Friday this year — dropping a full 38.9 percent from 2015.” The researchers also found that 49 percent of shoppers said “they plan to finish their holiday shopping after Black Friday week.”

This compares to 19 percent of those polled who are shopping throughout Black Friday week and 10 percent who are shopping in “early November.” Six percent have either completed or planned to complete their shopping before Nov. 1.

Some of the shifts in holiday spending include more online shopping taking place on Thanksgiving Day. Other factors muting the impact of Black Friday include more sales throughout November as well as “the Amazon effect.”

“Amazon’s dominance and the success of Prime Day have changed consumer behavior,” authors of the report said. “Shoppers realize there are opportunities for deep discounts beyond Black Friday and Cyber Monday, essentially causing buying patterns to become more dispersed.” wwd.com

Expect ‘roller-coaster’ holiday shopping season, advises NPD
Retailers can expect a good Black Friday weekend, but a mediocre Cyber Monday will follow as online growth continues to level off and political distractions around the globe take a bite out of leisure-time spending, according to The NPD Group Holiday 2019 Insights. NPD notes that shopping intentions are divided between consumers who plan to spend more (20%) than last year and those who plan to spend less (16%), with the biggest change among the largest group of consumers — those who plan to spend the same amount (64%) they did last year. chainstoreage.com

UK Department Store Sector Has Seen Unprecedented Difficulties
Two of the biggest chains entering administration: House of Fraser in 2018 and Debenhams in 2019

Retailers in the UK department-store sector have already tried investing in digital, focusing on private labels and creating better in-store experiences - so far, these actions have not been enough to revive the top line. Given the sustained structural shifts in retailing, we expect to see a leaner sector with fewer stores, even if not fewer chains, in the coming years. coresight.com

Gift cards are a top target for scammers this holiday season
There are multiple gift card scams that are becoming increasingly popular, according to security experts.

One involves scammers using a card reader to record — or simply writing down — a card’s serial number in store before it is sold. Then, they scratch off the decal protecting the cards’ PINs and record those, too, replacing the covering with tape that can be bought relatively cheaply online, according to Krebs on Security, a popular tech security blog.

Other scammers use bots to test out millions of combinations of gift card numbers and PINs on retailer websites. Once they access an account, they drain the money still left on the cards, either by selling it on the dark web or buying products or services themselves.

It’s not just gift cards. Thieves are using similar tactics to access member accounts on retailer websites to steal any loyalty points the member may have accumulated (think Sephora’s Beauty Insider points). cnbc.com

Consumers plan to spend more than $200 on gift cards this year

CNBC Investigation - Originally Aired in 2017: Gift card crime fueling opioid addiction across the US
 

US Supreme Court weighs major digital privacy case involving cellphone data
Serial armed robber says police needed a warrant to track his location during crime spree

The U.S. Supreme Court on Wednesday takes up a major test of privacy rights in the digital age as it weighs whether police must obtain warrants to get data on the past locations of criminal suspects using cellphone data from wireless providers.

The justices will hear an appeal by a man named Timothy Carpenter convicted in a series of armed robberies in Ohio and Michigan with the help of past cellphone location data that linked him to the crime locations. His American Civil Liberties Union lawyers argue that without a court-issued warrant such data amounts to an unreasonable search and seizure under the U.S. Constitution‘s Fourth Amendment.

Law enforcement authorities routinely request and receive this information from wireless providers during criminal investigations as they try to link a suspect to a crime.

Police helped establish that Carpenter was near the scene of the robberies of Radio Shack and T-Mobile stores by securing from his cellphone carrier his past “cell site location information” tracking which cellphone towers had relayed his calls.

The legal fight has raised questions about the degree to which companies protect their customers‘ privacy rights. The big four wireless carriers, Verizon Communications Inc, AT&T Inc, T-Mobile US Inc and Sprint Corp, receive tens of thousands of these requests annually from law enforcement. stockdailydish.com

A Guy Who Stole Phones From RadioShack Could Be The Next Face of Digital Privacy


SHRM: Politics in the Workplace
How common do you think politics and the discussion of political issues have become over the last four years?

While most workplaces are inclusive and mostly inclusive about differing political opinions... over a third are not.

For decades, conventional business wisdom has held that employees should check their political opinions at the door. A new SHRM survey, however, shows that not only are political conversations occurring at work, they're on the rise—and causing conflicts:

● 56% of U.S. employees say discussion of political issues has become more common in the last four years.
● 42% percent have personally experienced political disagreements in the workplace.
● 34% say their workplace is not inclusive of differing political perspectives.

The findings suggest that political topics like race, sex and gender make up a dimension of diversity that workplace cultures should include and embrace by facilitating civil conversations. shrm.org

Surveillance video released of burglars who raided billionaire Mall of America mogul’s New York mansion
Burglars ransacked New York mansion of billionaire Don Ghermezian Saturday evening, stealing $140,000 worth of luggage and jewelry. Police released video footage of the suspects walking outside the Ghermezian’s home in an upscale Bronx neighborhood.

Ghermezian is CEO of Triple Five Group, the Canada-based real estate developer behind Mall of America and the recently-opened American Dream mall in East Rutherford, New Jersey. cnbc.com

What Are the Privacy Rights of Employees?

Famed Consultancy McKinsey & Company Opens Store
   - 'Modern Retail Collective' at Mall of America

Juul to Cut 650 Jobs, Slash $1B in Costs

Columbia, SC: Firehouse Subs employee fired after writing racial slur on receipt

Walgreens may get scooped up in the largest private equity deal in history


Quarterly Results
Advance Auto Parts Q3 comp's up 1.2%, sales up 1.6%

Companies Failing Interim Security Test
PCI DSS payment security compliance drops again Worldwide
Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) has fallen for the second year in a row to just 36.7% globally, the lowest level in five years, according to Verizon's "2019 Payment Security Report," published Nov. 12.

The decline in successful interim security audits is steep. In 2016, more than half of companies — 55% — taking a practice run through the painful compliance process mandated by PCI DSS passed the interim compliance audit. The ability to pass the assessment is a measure of the stability of a company's compliance processes and security controls, says Ciske Van Oosten, senior manager of global intelligence for Verizon's Security Assurance Consulting practice.

The PCI DSS requirements organizations most often failed to maintain include No. 11 ("Test Security Systems and Process"), No. 6 ("Develop and maintain secure systems"), and No. 8 ("Authenticate access"). A third of companies — the largest portion — failed to run regular network and vulnerability scans (requirement 11.2), according to Verizon's report. Twenty-eight percent of companies failed to protect software components and applications from known vulnerabilities (requirement 6.2), and 27% failed to recheck security control flagged by penetration testing to ensure that issues were fixed (requirement 11.3.3).

"The largest compliance drop occurred against Requirement 6, as organizations struggled to maintain effective vulnerability management, software development and change processes," the report stated. "It is then perhaps not too surprising that Requirement 11 remained the poorest performer—both in overall compliance and control gap—as organizations struggle to sustain compliance with security testing requirements year after year."

Organizations in the Asia-Pacific (APAC) region were the most likely to maintain compliance at 69.6%, compared to 48% in Europe, the Middle East and Africa (EMEA) and just 20.4% in the Americas, said Verizon.

With the latest version of the PCI DSS standard 4.0 launching soon, businesses have an opportunity to turn this trend around by rethinking how they implement and structure their compliance programs.” computerweekly.com darkreading.com

Russian National Extradited for Running $20M Online Criminal Marketplace
Russian national appearance in federal court yesterday on charges related operation of two websites devoted to the facilitation of payment card fraud, computer hacking, and other crimes. Aleksei Burkov, 29, arrived at Dulles International Airport last night after being extradited from Israel.

Burkov ran a website called “Cardplanet” that sold payment card numbers (e.g., debit and credit cards) that had been stolen primarily through computer intrusions. Many of the cards offered for sale belonged to United States citizens. The stolen credit card data resulted in over $20 million in fraudulent purchases made on US credit cards.

Burkov allegedly ran another website that was invite-only club where elite cybercriminals could advertise stolen goods and services. To obtain membership in Burkov’s cybercrime forum, prospective members needed three existing members to “vouch” for their good reputation among cybercriminals and to provide normally $5,000, as insurance.

Arrested at Ben-Gurion airport near Tel Aviv in December 2015. And just extradited to US. He faces a maximum of 80 years in prison. justice.gov

Editor's Note: Obviously the FBI, who is constantly monitoring these hackers movements, knew he was on a plane landing in Tel Aviv for some reason and intercepted him or had him intercepted.

We've read a number of accounts and articles that claim that for the most part it's the FBI tracking these hackers and just waiting for them to leave their protected areas in Russia and neighboring country's. With taking vacations being the #1 reason they were traveling. In one case they literally, according to one foreign media source, "kidnapped" the hacker at a restaurant on his first night on vacation.

It's a great testimony for the FBI and their never ending pursuit of these criminals. The biggest of which are now sitting in U.S. Federal prisons.

Albertson's Urges Dismissal Of Employee's Biometric Suit
Albertson’s argued Tuesday that it shouldn’t have to face a lawsuit for collecting employees’ fingerprints because there is no functional difference between it and the types of businesses excluded from liability under Illinois’ biometric privacy law.

If the goal of Illinois’ Biometric Information Privacy Act is to protect individuals’ biometric information, then the statute’s exceptions for financial institutions and government contractors “do nothing” to achieve that goal, Mark Eisen, counsel for New Alberston’s Inc., told Cook County Circuit Judge Anna Loftus. The company, which owns the Jewel-Osco chain of grocery stores, says BIPA is unconstitutional and wants the court to dismiss a lawsuit by former pharmacist Gregg Bruhn alleging that it unlawfully collected fingerprint data from pharmacy employees. law360.com

PayPal becomes phisher’s favorite brand, Office 365 phishing techniques evolve
PayPal has overtaken Microsoft to claim the number one ranking for phisher’s favorites for the first time. Netflix was not far behind as the streaming giant moved up to the third spot, according to Vade Secure. In Q3 2019, Vade’s AI engine detected 16,547 unique PayPal phishing URLs for an average of nearly 180 per day. This represents a 69.6 percent YoY increase. Impersonating PayPal, which had more than 286 million active user accounts in Q2, is clearly a highly profitable practice for cybercriminals, with no letup in sight. helpnetsecurity.com

Tech startups offer competition for Amazon Go
AiFi and Grabango are two technology startups that are developing autonomous systems to enable consumers to shop in stores without having to use a traditional checkout. Grabango is currently working with Giant Eagle to test its technology in a store environment. cnbc.com

FTC Blog: When third-party service providers are party to sensitive data

10 Data and Analytics Trends for 2020

Redlands, CA: Suspects Sought in Brazen Robbery at Nike Store in Redlands
Cellphone video captured at least five men, unfazed by onlookers and cameras, nonchalantly leaving a Nike store in Redlands carrying armloads of merchandise they hadn't paid for. Police confirmed that a group of men stormed into the Nike Factory Store at the Mountain Grove Shopping Center around 8:30 p.m. Monday and grabbed what they could before taking off. The same store has been targeted by robbers multiple times before, but it's not clear if the crimes are connected, police said. ktla.com

Must-See Video

Arcadia, CA: Victoria’s Secret in Westfield Santa Anita reports Grab & Run of over $2,000 of merchandise
On Nov. 7th, around 11:30 a.m., an officer responded to Victoria's Secret regarding a commercial burglary report. Two suspects entered the store with "booster bags" and fled with $1,045.00 worth of merchandise. The suspects were followed to the parking lot by loss prevention and ultimately fled with another suspect who had stolen an additional $1,009.55 worth of merchandise. patch.com

Millburn, NJ: Bloomingdale shoplifter flees with $1,395 in coat
On November 8, 2019 Millburn Police Officer O’Neill responded to Bloomingdales on a theft report. Bloomingdales personnel report a black female wearing all black concealed 3 coats valued at $1395.00 in a bag and left the store without making payment. The incident is under investigation by the Millburn Police Detective Bureau. tapinto.net

Millburn, NJ: Abercrombie & Fitch Shoplifter arrested at Short Hills Mall with nearly $500 of merchandise
On November 5, Millburn Police responded to the Abercrombie and Fitch on a theft report. Abercrombie personnel report 48 year old Boone Lacy concealed $493.00 worth of merchandise in a bag and left the store without making payment. Mr. Lacy was placed under arrest and charged with shoplifting before being remanded to the Essex County Correctional Facility. tapinto.net

Millburn, NJ: Suspect in Sunglass Hut, Tumi and Lululemon thefts arrest at Short Hills
On November 7, 2019 Millburn Police responded to the Sunglass Hut on a theft report. Sunglass Hut personnel report 40 year old Anupam Dass concealed a pair of sunglasses valued at $213.00 in his sleeve and left the store without making payment. Mr. Dass was placed under arrest and found to be in possession of stolen property from the Lululemon and Tumi stores. tapinto.net