Sev Shirozian

ISACA Event and Interesting Topic of Conversation

December 6, 2018 by Sev Shirozian 1 Comment

So as part of our assignment this week, I chatted with a bunch of people at the ISACA event and one of the conversations I had with an ISACA member was what concerns you about cyber security now or in the future? And the answer I got was about how we might have good encryption standards now but in the future if China or an adversary gets there hands on it, in 5-10 years with Quantum computing they will easily be able to own the data. This turned in to talking about how we need to adopt Quantum computing sooner than later to prevent this threat in the future. In fact I ran into this article that talks about this topic.

https://www.technologyreview.com/s/612509/quantum-computers-encryption-threat/

This article basically talks about how complacency is a mistake and how we need to start working on standards and encryption methods that can’t be cracked by quantum computers. They see the hard part is getting everyone to agree to this standards and the hope is that its going to take a long time for a malicious user to get there hands on quantum computing.

On a side note, the event was very nice, and a great experience to network with others in the field.

Amazon Announcing They will Provide Services On Prem.

November 29, 2018 by Sev Shirozian Leave a Comment

So ever since I heard the acronym AWS it’s been known to be associated with cloud services. But looks like Amazon is getting into the on prem business. They say that there are customers that are not ready for the cloud for various reasons including regulatory reasons where they cannot host their data in a public cloud, so they want to bring their services to you! This is going to be interesting because they always pushed cloud services, now they are saying there is a business case for keeping the data on prem. This will be direct competition with other vendors that provide hardware/servers for on prem data centers since they will be deploying amazon built hardware. I wonder if this business is really going to take off or not….

https://www.cnbc.com/2018/11/29/amazon-outpost-brings-cloud-technology-to-traditional-data-centers.html

Dell – Next Up admitting they were hacked!

November 29, 2018 by Sev Shirozian Leave a Comment

Dell just announced that they were hacked and unauthorized users might have tried to extract customer information such as names, emails, addresses, and hashed passwords. I’m not surprised that another major company had a breach. But it doesn’t look like they are sharing much more information. They do mention they don’t think the data was exfiltrated and that it probably wasn’t a persistent threat, where they found the incident pretty quickly. Let’s see what comes out of this one…

https://www.zdnet.com/article/dell-announces-security-breach/

Phishing Sites using SSL protection to make them look more legit

November 27, 2018 by Sev Shirozian Leave a Comment

According to this engadget article, an anti-phishing company called PhishLabs has found that almost 50% of phishing sites are now using SSL encryption on their sites. Although they are now encrypted traffic they are still stealing information from you! Any now that they are using SSL, some browser pop ups won’t alert you as much that there’s something wrong with this site (IE not using SSL). This also will show the padlock in your browser giving the user a false sense of security. They mention in the article, phishing sites using SSL as been trending upwards over the past few years. I can definitely see in the future most if not all phishing sites will do this all the time. It’s a few extra dollars to get SSL certs, but completely worth it to them if they get to steal valid credentials and personally identifiable information.

https://www.engadget.com/2018/11/26/half-of-phishing-sites-now-show-as-secure/

Cisco to offer more Security Services with their SD-WAN Offering

November 14, 2018 by Sev Shirozian Leave a Comment

Cisco, the worlds most famous networking company has decided to build in some of their other security services into their SD-WAN offering. Software-defined wide area network (SD-WAN) is a new alternative and cheaper way of connecting networks. Building security into is is a huge deal. Some of security features they are going to add include application aware firewalling, IPS (intrusion prevention systems) and URL filtering.

If you wanted a one stop shop for a service this could be it!

https://www.zdnet.com/article/cisco-updates-sd-wan-portfolio-with-new-security-features/

DHS to Spend 1.3 Million on Cyber Research to help Industry

November 11, 2018 by Sev Shirozian 1 Comment

DHS is working with teams at the University of California, San Diego, and University of Illinois, Chicago to help build tools and research the best approach for cyber security defense. This effort comes from a program called Cyber Risk Economics, an effort by the DHS to help people invest in cyber security defenses that will have the biggest bang for the buck. If they understand the best approach to cyber defense, then they can make smarter investment decisions for cyber security.

https://www.defenseone.com/technology/2018/11/dhs-funded-tech-could-help-calculate-costs-cyberattacks/152729/

Microsoft wants to continue working with Trump on Cyber Security

November 11, 2018 by Sev Shirozian 1 Comment

What I find very interesting about this article is how cyber security is one of the thing we deal with in our lives that is not pro democrat or pro republican, but is something that either party can make a priority regardless of who’s the president. Now it’s time to work with Trump on initiatives to safe guard our country our citizens and even the rest of the world from bad actors and malicious intent.

https://www.cnbc.com/2018/11/07/microsoft-wants-to-work-with-trump-and-congress-on-cybersecurity.html

Hackers Targeting the Midterm Elections Voting

November 6, 2018 by Sev Shirozian Leave a Comment

There are some reports that hackers are trying really hard to hack the midterm elections. Some are saying they aren’t successful, but others are saying misinformation being spread by them are causing enough damage. Targets include the voter registration databases, election officials, and networks across the country. They are trying to injections of malicious computer code to a massive number of bogus requests for voter registration forms.

Facebook is also battling this front by removing bogus accounts that partake in these activities. Given it’s voting day, have you guys seen any evidence of this yourselves?

https://www.bostonglobe.com/metro/2018/11/04/hackers-targeting-election-networks-across-country-lead-midterms/d0EzG4Cmh2jeMqllhXo4WP/story.html

https://www.vox.com/policy-and-politics/2018/11/6/18067756/2018-midterm-election-russia-hacking-interference-meddling-china-iran

Here comes another one….called PortSmash

November 6, 2018 by Sev Shirozian Leave a Comment

A vulnerability called PortSmash or CVE-2018-5407 has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including older ones like Meltdown, Spectre and Foreshadow. This side channel vulnerability resides Intel’s Hyper-Threading technology. This vulnerability allows an attacker to see sensitive protected data like passwords and keys from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

Will something like the T2 chip that apple makes on the Mac prevent issues like this?

https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

Four Cyber Security Myths You Shouldn’t Tell Yourself

November 5, 2018 by Sev Shirozian Leave a Comment

I found this article pretty interesting especially for those folks that will end up working for smaller companies. You’ll see why security is always important no matter the size of your company or if you think you’ve never been hacked before. In fact it talks about how security can help your company save money.

Here’s a list of the myths the article talks about:

Myth 1: Small organizations are low-value targets for hackers.

Myth 2: There’s no reason to invest in security when organizations with tight security controls still experience security breaches.

Myth 3: Our organization has not been breached before, so we’re still safe.

Myth 4: Security is an expense, not a revenue generator.

https://www.informationsecuritybuzz.com/articles/four-cybersecurity-myths/