Mustafa Al Shalchi

I thought this infographic would help with visualizing this elite advanced persistent threat:
http://m.v3.co.uk/IMG/818/326818/satellite-turla-russia-malware.png

Please see associated link:
http://mobile.nytimes.com/2015/06/21/us/attack-gave-chinese-hackers-privileged-access-to-us-systems.html?referrer=&_r=0

Interesting histograms; thanks for sharing.

Hello,
In view of the above mentioned vulnerabilities related to open source, how good is Apple’s closed source iOS is considered?
Thanks

Vacca Readings:
IT security management should consist of blueprint, policies, procedures and processes to enable organizational structure and technology to protect an organization’s IT resources. The above mentioned are what ensures the CIA triad, confidentiality, integrity, and availability of IT resources.
The key to a successful ITSM…[Read more]

Vacca Readings
Chapter 33, 34
With the wide acceptance of cyber forensics in businesses, Federal Judges have accepted similar cyber-based evidence on the basis that it was no different from forms of evidence. The underlying evidence were still documents, business books, weighing machines, calculating machines, films, and audio tapes, etc.…[Read more]

Vacca Reading

Routine use of vulnerability assessment tools along with immediate response to identified problems will alleviate this risk.

As part of the vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system; one of the most important parts of identifying and quantifying vulnerabilities is…[Read more]

Vacca Reading

cellular networks are the most highly used communication network. It is also the most vulnerable, with inadequate security measures making it a most attractive target to adversaries that want to cause communication outages during emergencies.

Like all IT, RFID presents it’s own security and privacy risks that must be assessed…[Read more]

N.S.A. Phone Data Collection Could Go On, Even if a Law Expires
A provision of the Patriot Act was overlooked by lawmakers and administration officials will give President Obama a possible way to keep the National Security Agency’s bulk phone records program going indefinitely — even if Congress allows the law on which it is based to expire nex…[Read more]

SpoofedMe attacks exploit popular websites social login flaws

The researchers at IBM’s X Force security discovered a way to gain access to Web accounts by exploiting misconfiguration in some social login services.

The experts at IBM’s X Force discovered that it is possible to gain control of accounts at various websites, including Nas…[Read more]

Facebook Supports Anonymity! ”
…Facebook has recently adopted and supported enhanced privacy by setting up base on the Tor Network. TOR network is one of most popular, free and untraceable networks on the net (as far as advertised).

The Tor Project is a service based on free software that enables anyone running the Tor client software to…[Read more]

So secure chip-based credit and debit cards may not be the gold seal for securing plastic transactions…not anymore. Due to recent ‘Replay’ attacks which has been spoofing chip card charges. This is a new pattern of credit card fraud coming from Brazil. So far, reports have indicated that it has been targeting American financial institutions.…[Read more]

Key Points on this weeks’ assignment:
No matter what each business needs, it is important to keep DRP and BCP plans simple.
If they are kept simple, it can be followed and adopted and performed by someone other than your core personnel to ensure you have an effective plan in place. It is fine to think about RTO and RPO, but it should be a…[Read more]

How would the original CISOs give advise to today’s security leads? So long to the days where script-kiddies deface your webpage…with today’s advanced persistent threats, CISOs will find themselves facing evolving, persistent threats from sophisticated crime syndicates, hacktivists, and larger scale state-sponsored attacks as well. Please see…[Read more]