What Trump’s Win Means for Cybersecurity

November 13, 2016 by Ioannis S. Haviaras 4 Comments

With Donald Trump’s win this past week cybersecurity could have a new face in the White House, Rudy Giuliani. Giuliani has been head of several cyber security investigations in a law firm he works for and is one of the candidates for attorney general of the United States. This means that Giuliani could be leading the effort to force manufacturers such as Apple to provide backdoors to their encryption. This should be interesting to see how Trump will also head the NSA which has come under turmoil during Obama’s administration due to the Snowden leaks. Needless to say this should be an interesting four years for cyber security in America and the world.

Article: https://www.wired.com/2016/11/security-news-week-trumps-win-means-cybersecurity/

Burpe Suite Web Analysis

November 12, 2016 by BIlaal Williams 1 Comment

burpsuite powerpoint slides

burp executive summary

Facebook buys black market passwords to keep your account safe

November 12, 2016 by Mauchel Barthelemy Leave a Comment

Account safety is about more than just building secure software because a data-saturated company of Facebook’s size and scope can build a perfectly secure software and yet users can still get hurt. This is the philosophy approach of Facebook’s chief security officer, Alex Stamos, as an alternative way to ensure Facebook users’ safety. To achieve so, the social media giant purchases passwords in the black market from hackers to keep your account safe.

For example, Alex explains that many users are still using “123456.” As a solution, Facebook users with these types of passwords are automatically alerted to make their accounts safer because they are more vulnerable to being compromised. This is something Facebook is keen to help its users avoid, says Alex. There are additional interesting details behind the reasoning and how Facebook is doing this. Feel free to access full article via the link below.

https://www.cnet.com/news/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers/

Madison County Faces Day 5 of Ransomware Nightmare

November 11, 2016 by Mengxue Ni 2 Comments

Indiana’s Madison County is going on Day 5 of a ransomware nightmare. According to Madison County police, both first responders and civic officials are logging all calls for service by hand. Anderson Police, the Madison County Jail and the county court systems are locked out. “We cannot query old information to bring up prior reports or prior court records,” said Madison County sheriff Scott Mellinger, “If we want to bring somebody’s record up for something in the future, let’s say for somebody that has been arrested or somebody who is even in jail then we cannot look up information that would help us at a hearing. On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.” The IT department worked around the clock to recover files, while officers work to track down who is responsible for the attack. The only good news is that officials do not believe that people’s personal or payment information is at risk for this event.

Link: http://www.infosecurity-magazine.com/news/madison-county-faces-day-5-of/

SQLi, XSS zero-days expose Belkin IoT devices, Android smartphones

November 11, 2016 by Anthony Clayton Fecondo Leave a Comment

Researchers from Invicea Labs recently discovered two zero day vulnerabilities in Belkin’s home automation devices. These vulnerabilities were to SQL injection and cross site scripting. The devices utilize an app to allow users to control various internet of things devices in their home through one interface. However, using SQL injection, hackers can change or insert new rules into the database that the application uses in order to control the devices.

Google brands malicious websites with ‘repeat offender’ warnings

November 9, 2016 by Brent Easley 1 Comment

http://www.pcworld.com/article/3139972/internet/google-brands-malicious-websites-with-repeat-offender-warnings.html

Google in a fight to protect the users who use their browser, has now a safe browsing arsenal to protect them from using websites with malware and unwanted software. Google will flag the websites as unsafe using a big red warning sign in the browser. Sites will have apply to google to get the warning lifted. Site owners will not be able to apply for a repeal of the warning for 30 days. The red large warning sign will remain until after the repeal process.

“Some SuperPAC Websites Are Not Super-Secure”

November 9, 2016 by Mengqi He 1 Comment

A recent research found gaping security holes in several SuperPAC public websites that may expose personal information of donors and other sensitive data. These vulnerabilities range from weak or nonsexist encryption and open ports to old and outdated server platforms. Security firm UpGuard assessed the security posture of top SuperPACs actives in the 2016 US election, and found that most of them could reach the average level of security. SuperPACs do not store payment information, but they keep donors’ personal information. Exposing donors’ identifies is a great issue because the purpose of these organizations is to hide who’s giving money. The main vulnerabilities are due to lack of encryption, no email authentication to avoid phishing scams, open SQL ports, and no DNSSEC adoption.

Link: http://www.darkreading.com/vulnerabilities—threats/some-superpac-websites-are-not-super-secure/d/d-id/1327430

DDoS Attacks on Apartments’ Heating System Left Residents Cold and Angry

November 9, 2016 by Wayne Wilson 2 Comments

https://www.hackread.com/ddos-attacks-on-apartments-heating-system/

Here is an example of how incorporating IoT into our everyday lives could have a crippling effect on us. An apartment building in the city of Lappeenranta in Finland, had its heating system hit with a DDOS attack causing residents to lose heat and hot water. Luckily on the day of the attack, the temperature was 20℉. Lappeenranta is known to have temperatures go as low as -25℉ in the winter.

China’s new cybersecurity bill alarms human rights experts

November 8, 2016 by Ioannis S. Haviaras 6 Comments

Chinese courts have signed into law an agreement that will make it more difficult for companies to house data on servers inside the country. The data that is housed in the country must now be censored even though the company may not be in China. This changes the landscape of freedom of speech on the internet. Since China is the biggest internet market in the world with over 700 million users (double the population of the United States) it could have serious implications on censorship throughout the world. State run press in the country states that this censorship will help with fraud in the country. Hopefully companies doing business in China can find elsewhere to house their data to avoid censorship of the internet.

Article: https://www.cnet.com/news/chinas-new-cyberlaws-have-many-scared/

Bank halts online transactions after money stolen from 20,000 accounts

November 7, 2016 by Jason A Lindsley Leave a Comment

This is a bank’s worst nightmare and I’ll be following this story closely. The financial, reputational, and regulatory damage that an event like this causes is very significant. Although, 20,000 accounts is a very small percentage of the 8 million total Tesco Bank accounts, this is very poor customer experience that will likely result in a loss of customers.

It is very important that this bank quickly perform root cause analysis and remediation activities to restore service to normal operations. Then damage control will likely ensue, which will include efforts to appease customers and regulators, refund customer losses, and assure the public that they have fully addressed the vulnerability(ies) that were exploited. I’m very curious to find out the root cause on this one.

http://arstechnica.com/security/2016/11/tesco-bank-online-fraudsters-attack-40000-current-accounts/