Stupid human security tricks
I have been at this for a long time now. Roughly two decades of working for all sorts of companies, clients and now as a vendor. It has been an interesting ride. One thing that I did over the years was keep journals. Notebooks where I scribbled down my day-to-day tasks, thoughts as well as solutions. Picking…
A Quarter of Businesses Have No Control over Network Privileges
While data breaches stemming from insider privilege abuse continue to make headlines, the sad reality is that a full quarter of organizations have zero control over who accesses what in the network.
Corporate culture hinders cyber insurance buy-in
Homeland Security officials working to promote cyber insurance caution that security issues are too often marginalized within the IT department rather than being incorporated into the larger enterprise risk management…
NSA director defends plan to maintain ‘backdoors’ into technology companies
The National Security Agency director, Mike Rogers, on Monday sought to calm a chorus of doubts about the government’s plans to maintain built-in access to data held by US technology companies, saying such “backdoors” would not be harmful to privacy, would not fatal…
Hackers target health care as industry goes digital
Medical fraud could increase as hackers gain sensitive medical information on victims
With more health providers and insurers incorporating IT into clinical care, hackers are viewing the health care industry as their next target.
“Cybercriminals know that the health industry is moving…
20% of Security Operations are Woefully Unprepared for Attacks
That’s the assessment from HP, whose 2015 report on the State of Security Operations, and almost 70% of security operation centers (SOCs) and cyber-defense organizations are only achieving “minimum ad-hoc threat detection and response capabilities.” In other words: enterprises aro…
Below you'll find a link to a digital “on-line” attack map.
It's a data visualization that allows users to explore historical trends in DDoS attacks, and make the connection to related news events on any given day. The data is updated daily, and historical data can be viewed for all countries.
I suggest you glance over this site, it's ve…
Thousands of U.S. gas stations exposed to Internet attacks
Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.
These devices, known as automated tank gauges (ATGs), are also used to trigger alarms in case of problems with the tanks, such as fuel…
Coca-Cola in the Dock After Massive Laptop Theft
Coca-Cola could be in trouble after one of its employees filed a class action suit against it following the theft of over 50 staff laptops from a bottling plant.
The lawsuit, which was filed in a Pennsylvania federal court on Wednesday, alleges that the company should be held responsible for…
HSBC Turkey Hackers Grab Data from 2.7m Cards
HSBC Turkey has admitted it suffered a major card breach of 2.7 million accounts, but maintained that there was no need to reissue said cards because not enough information was stolen to commit identity fraud.
The bank said in an online FAQ that it discovered the incident over the past week, and…
Chapter 33: Cyber forensics
Cyber forensics is increasingly found in the courtroom. Judges allow cyber-based evidence as if it was no different from “traditional evidence” such as documents, business books, films, etc. However, analogies with more traditional evidential material were beginning to break down.
Chapter 34: Cyber forensics…
Hacker Lexicon: What Is a Zero Day?
Zero day actually refers to two things—a zero-day vulnerability or a zero-day exploit.
Zero-day vulnerability refers to a security hole in software that is yet unknown to the software maker or to antivirus vendors. This means the vulnerability is also not yet publicly known, though it may already be k…
American Express to Implement Digital Tokens to Replace Cards
American Express has announced that it will implement payment tokenization for card transactions, which allows shoppers to use their smartphones as payment mechanisms, providing a granular defense to reduce the exposure of live credit and debit card data in vulnerable systems.…
Researchers Claim Major Visa Contactless Card Flaw
Researchers from Newcastle University claim that a glitch in Visa’s contactless cards means criminals could covertly steal up to 999,999 in any currency from customer accounts with rogue point-of-sale (POS) machines.
The flaw which the team claims to have discovered effectively bypasses t…
The Russian Epicenter of Cybercrime Ramps Up the Sophistication
This article talks about how the Russian high-tech crime market for 2014 is showing ever-increasing sophistication, with criminals creating shadow worlds of illegal activity, exploiting new financial theft techniques and incorporating mobile attacks more often.
The Russian…
Readings – Key point
To secure web applications, it is very important to consider the way data input is handled by the system. Software should be developed using standard frameworks and input validation libraries in order to reduce risk.
Web Attacks Increasingly Launched from Amazon Infrastructure
Web application…
NSA Classification ECI = Exceptionally Controlled Information
This short article mentions that ECI is a classification above Top Secret.
I posted this news because it seemed interesting to me since we have talked about information classification in our classes.
ECI is for things that are so sensitive they’re basically not written down,…
Thumbprint: 56 55 ef 6f ac 0a bd 86 d9 d3 09 70 be bc c6 33 e3 4b 05 e5
Thumbprint algorithm: SHA1
Issuer: VeriSign, Inc
Thumbprint: e3 ef c9 26 85 f3 ce ef 97 b5 60 88 ff ce 4b 70 92 17…