MIS 5212-Advanced Penetration Testing
MIS 5212 - Section 001 - Wade Mackey
https://thehackernews.com/2018/05/intel-spectre-vulnerability.html
Additional vulnerabilities in Intel’s chip. Same design flaw as Spectre. As the industry finds more vulnerabilities, chip makers do not know if the patches will cause performance issues.
https://thehackernews.com/2018/05/windows-docker-containers.html
Microsoft released an out of band emergency patch last week for a vulnerability in its Windows Host Compute Service. The vulnerability allows an attacker to remotely execute code on the victim’s host machine.
https://www.bloomberg.com/news/articles/2018-04-02/energy-transfer-says-cyber-attack-shut-pipeline-data-system
Cyber attack against a pipeline company. Although only impacting data transfers, their stock price dropped 2.5% due to the news of the attack.
https://thehackernews.com/2018/03/window-remote-assistance.html
A new vulnerability affecting WIN2012, 2016 and 2008, WIN 10, 8 and 7 allows remote attackers to steal sensitive. Not only do you need to be suspicious of giving access to your computer and a of the person’s machine whom is connecting to you.
A recent Forbes article mentions 68% of senior IT professions do not think their boards are being briefed on mitigating controls for cyber risks. I was surprised by the percentage. Either companies are not managing up, or down, or are not doing enough to mitigate cyber risk.
https://www.forbes.com/sites/gilpress/2018/03/15/cybersecurity-by-the-numbers-market-estimates-forecasts-and-surveys/#5b079c3212c4
https://www.darkreading.com/vulnerabilities—threats/anatomy-of-an-attack-on-the-industrial-iot-/a/d-id/1331097
This article details an attack on an IoT device. Similar to the kill chain, the attacker follows a recon, development, execution and command and control phase. Reminds the vulnerabilities with IoTs supporting critical infrastructure.
https://www.darkreading.com/careers-and-people/best-practices-for-recruiting-and-retaining-women-in-security/d/d-id/1331114
The article introduces a few best practices, according to Forrester Research, to help reduce the gender gap in the cybersecurity field.
Women represent 15- 20% of the industry. However that includes risk management functions.
Recruit from academic institutions with a higher enrollment of women, Mentoring programs and Sponsor, recruit from diverse security events are a few examples.
Companies in the UK that fail to protect themselves effectively from hackers could be fined up to £17m.
http://www.bbc.com/news/technology-42861676?intlink_from_url=http://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story
The UK government is cracking down on cyber malpractice. The article states if companies fail to protect themselves from cyber crimes they will be fined.
Due to the data and services energy, transport, water and health companies provide, they are expected to have the most robust safeguards. Under a new government directive the cyber security practices at these companies will be inspected by regulators.