Cyberattack

Blogs

Two More Crypto Holes

If you work in computer security, your Twitter feed and/or Inbox has just exploded with stories about not just one but two new holes in cryptographic protcols. One affects WiFi; the other affects RSA key pair generation by certain chips. How serious are these? I'm not going to go through the technical details. For KRACK, Matthew Green did an excellent blog post; for the other, full details are not yet available. There are also good articles on each of them. What's more interesting are the implications. more»

The Darkening Web: Is there Light at the end of the Tunnel?

In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". more»

A European Perspective on the Equifax Hack: Encouraging Data Security Through Regulation

The Equifax hack is understood to have compromised the personal data of over 140 million individuals. Although recent hacks of other businesses have affected more individuals, the personal data held by Equifax is significantly more sensitive than the data compromised in other hacks and includes Social Security numbers, birth dates, current and previous addresses and driver licence details... (Co-authored by Peter Davis and Brendan Nixon.) more»

Preliminary Thoughts on the Equifax Hack

As you've undoubtedly heard, the Equifax credit reporting agency was hit by a major attack, exposing the personal data of 143 million Americans and many more people in other countries. There's been a lot of discussion of liability; as of a few days ago, at least 25 lawsuits had been filed, with the state of Massachusetts preparing its own suit. It's certainly too soon to draw any firm conclusions... but there are a number of interesting things we can glean from Equifax's latest statement. more»

Security is a System Property

There's lots of security advice in the press: keep your systems patched, use a password manager, don't click on links in email, etc. But there's one thing these adages omit: an attacker who is targeting you, rather than whoever falls for the phishing email, won't be stopped by one defensive measure. Rather, they'll go after the weakest part of your defenses. You have to protect everything -- including things you hadn't realized were relevant. more»

The IoT Needs a Paradigm Shift from Security to Safety of Connected Devices

Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more»

Probability of ROI and Tighter Network Security by Blocking Malicious Subdomains

Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more»

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more»

APT: The Cancer Within

Unless you have a team employing the latest proactive threat-hunting techniques, the stealthy Advanced Persistent Threat (APT) hiding in your network can pass by completely unnoticed. There are as many definitions of APT as experts writing about the topic, so let's boil it down to the simple essentials: APTs are usually implanted and maintained by a team of malicious actors with the intention of living long term in your network while extracting valuable private information. more»

Good Samaritans with Network Visibility

In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more»

Conventional Thinking Won't Work in New Era of ISIS & 'Unprecedented' Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more»

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more»

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more»

It's Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more»

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more»

News Briefs

Security Flaw in TPM Chips Allows Attacks on RSA Private Keys

KRACK Attack Can Affect All Modern WiFi Networks, Researchers Have Disclosed

Cyberattacks Against Abortion Clinics on the Rise

Bluetooth-Based Attack Vector Dubbed "BlueBorne" Exposes Almost Every Connected Device

U.S. Navy Investigating Possibility of Cyberattack Behind Two Navy Destroyer Collisions

Equifax Hacked, Nearly Half of US Population Affected

Europe and North America Energy Sector Targeted by Sophisticated Cyberattack Group

British Organizations Could Face Massive Fines for Cybersecurity Failures

Kansas System Hacked, Social Security Numbers of Millions Accessed Spanning 10 States

Extreme Cyberattack Could Cost as Much as Superstorm Sandy, Says Insurer Lloyd's of London

U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey

U.S. Nuclear Power and Other Energy Companies Hacked by Russians According to Government Officials

Petya Ransomware Spreading Rapidly Worldwide, Effecting Banks, Telecom, Businesses, Power Companies

South Korean Banks Receive DDoS Threat from Hacker Group, Record Ransomware Payment Demanded

Cyberattack on UK Parliament Halts Email Access

Honda Halts Domestic Car Production Plant Due to WannaCry Virus in Computer Network

North Korea's Spy Agency Behind WannaCry

FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure

Russian Interference More Vigorous than Assumed, Over 39 States Targeted During Election

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection