Week 14
OS Analysis and Report
OS Analysis PPT and Executive Summary – Alkaysi
Hi, below is the ppt and executive summary for the OS analysis assignment.
Online shoppers are losing trust in e-commerce, study finds
A global survey from the Center for International Governance Innovation reveals that almost half of all respondents say they don’t trust online shopping. This must be perceived positively from a cyber security standpoint. General consumers are starting to put more pressure on e-commerce organizations to implement superior security technologies to protect people’s privacy. Government regulators/agencies and IT companies must be transparent and explain what they will do, and how they will work together, to do more for the common good of handling/protecting customers’ information.
http://www.techrepublic.com/article/online-shoppers-are-losing-trust-in-e-commerce-study-finds/
There’s now a tool to test for NSA spyware
“Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the National Security Agency. It’s designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.” This script is available for download on GitHub, but a user who downloads it will need some programming skills to get it to run. “Jennings said he developed his script by analyzing how the Doublepulsar implant communicated over the internet to its control server. However, his original intention was to help businesses identify the implant over their networks, not to scan the entire internet for the implant.”
Meet PINLogger, the drive-by exploit that steals smartphone PINs
This article is about an attack devised by security researchers to access motion and orientation sensors using JavaScript code to serve malicious code through HTML-based iframe tags on legitimate sites. The JavaScript can then accurately infer characters being entered into the devices by listening in through advert banners or open tabs.
The attacks that were demonstrated are most useful at guessing digits in four-digit PINs and have a 74-percent accuracy the first time it’s entered and a 94-percent chance of success by the third try.
The success of these attacks varied by browser. Mozilla and iOS have released updates to mitigate these attacks. Google Chrome has not yet released a fix, but has acknowledged the issue publicly.
How Innovative Companies Lock Down Data
http://www.darkreading.com/endpoint/how-innovative-companies-lock-down-data-/a/d-id/1328589?
This is an interesting article that discusses companies that are going “back to the basics” on security measures for protecting data while trying to incorporate the newest methods as well. The author discusses measures such as enforcing complex passwords, encryption standards, and disaster recovery readiness as the old but still important measures. He also mentions the new direction that companies are going in, such as preventing attacks within applications, real-time monitoring, and using deep learning with cybersecurity analytics. A mixture of old reliable methods with new techniques is definitely needed to face the ever-changing security threats.
Thousands of Hacked Routers Used for WordPress Attacks
The company, WordFence, reported that tens of thousands of routers, associated with the state-owned telecom company Telecom Algeria, have been hacked and used to launch attacks on WordPress sites. The researchers from the firm also identified up to 27 ISPs from various countries as having their routers involved in this hacking. The vulnerability was the result of ISPs listening on port 7547, used to manage customers’ devices, and running a vulnerable web server, AllegroSoft RomPager. WordFence has reported seeing more than 90k unique IP addresses from a total of 28 ISPs that have become compromised.
http://www.securityweek.com/thousands-hacked-routers-used-wordpress-attacks
How To Find Cybersecurity Vulnerabilities Across Your Environment
This article is written by a former CTO who talks about how he managed security at his data center. He talked about the “shotgun test”, which is a test to see what you could destroy to do the most damage if you only had one bullet. He wanted to find something equivalent to test cybersecurity. He later suggests that the Nessus vulnerability scanner might be the closest thing you can do to the shotgun test. He also emphasized the importance of having a balanced security portfolio and spending money wisely on diverse and appropriate security strategies.
https://www.forbes.com/sites/danwoods/2017/04/14/how-to-find-cybersecurity-vulnerabilities-across-your-environment/#14e753c4878a
Cerber Takes Ransomware Crown from Locky
This article is about the heavy distribution of Cerber ransomware and how it has taken over from Locky in the last three months as the top ransomware threat. Cerber is “ransomware as a service”, which allows novice users to pay for it to be used against targets.
The article emphasized that controls inside the perimeter are key to defending against malware such as Cerber because it is able to sneak past endpoint- and malware-detection technologies. For example, least privilege access control is key to defending against this ransomware because it crawls the network looking for accessible file systems and encrypting their contents.
This is an example of the importance of having a defense-in-depth approach to information security.
https://www.infosecurity-magazine.com/news/cerber-takes-ransomware-crown/