From ars technica:
NSA has VPNs in Vulcan death grip—no, really, that’s what they call it
The purpose of this blog is to help small and medium-sized businesses (SMBs) deal effectively with their unique cyber security needs. With over 15 years' experience in IT and cyber security, I will show SMBs how they can leverage their limited resources to develop effective cyber defenses against the most common threats using information security best practices and no/low cost tools.
LinkedIn: http://www.linkedin.com/in/ecissorsky/
Twitter: @ecissorsky
Wednesday, December 31, 2014
Stealing certificates to sign malware will be the next big market for hackers
From the Information Security Strategy blog:
Stealing certificates to sign malware will be the next big market for hackers
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
From DarkReading:
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
You very cunningly attacked the $3 trillion US healthcare industry, including swiping 4 million electronic health records from Community Health Systems, each EHR worth 50 times more on the black market than a credit card number. The FBI Cybercrime Division even issued a warning to the healthcare community that its security measures were inadequate and couldn’t defend against a basic attack, let alone an advanced threat.
EHRs sell for about $50 a pop and can generate profit in many ways. The medical identity may be sold, so someone can get an operation they otherwise couldn’t afford. Details, like a mother’s maiden name, are most likely included as well -- extremely useful for identity theft. And then there’s that other sensitive information. EHRs contain personal info ranging from drug rehab to STDs and details you wouldn’t want anyone knowing. This information can be posted on the Internet, adversely affecting a person’s life, ruining career potential, and even opening one up to blackmail. The FBI acknowledged the value of this opportunity, calling healthcare “a rich new environment for cyber criminals to exploit.” Kudos for your accomplishments in this area.
Seven Things to Watch for in 2015
From ThreatPost:
Seven Things to Watch for in 2015
Healthcare Data is the New Credit Card Number
If you believe the data coming out of underground sites, credit card numbers have flooded the market driving the price of a stolen card down. What’s in is identity data and credentials. And the most vulnerable subset of personal information is health care information. As with any rush-to-market, the conversion of paper records to electronic is likely to leave gaping holes ripe for a hungry community of hackers who can turn a quick profit with information that can be used for fraud, insurance scams and illicit drug purchases.
2014-12-31 Link of the Day: Free Info From Infosec Institute
From the InfoSec Institute:
Log Analysis for Web Attacks: A Beginner’s Guide
Mini Courses -
iOS Application Pen-Testing for Beginners
Introduction to IT Security & Computer Forensics
Cryptography Short Course (CISSP Domain #5)
Pass the Security+ Performance-Based Questions
Any/all products/services are provided for informational purposes only. The author does not endorse any single product.
Use these products/services at your own risk.
Tuesday, December 30, 2014
Blackberry releases first security fixes for new Z10 smartphone
From SecurityOrb.com:
Blackberry releases first security fixes for new Z10 smartphone
Why is this company still in business??? This phone was released 2 years ago and it's just getting its first security fix? Way to go Blackberry, way to go.
Will 2015 be the year we finally do something about DDoS?
Awesome piece by John Bambenek from SANS ISC:
Will 2015 be the year we finally do something about DDoS?
2014-12-30 Link of the Day: Metasploit Unleashed
This is a free course from HFC (Hackers For Charity). Please be kind & make a donation if you take the course:
Metasploit Unleashed
Monday, December 29, 2014
How you could become a victim of cybercrime in 2015
From The Guardian:
How you could become a victim of cybercrime in 2015
Banking and healthcare companies at risk
A parallel trend cited by several of the companies is the prospect of attacks on bigger companies in the private and public sector, with cybercriminals having specific goals in mind.
“Cybercriminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” suggests Trend Micro.
“Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.”
Healthcare is also expected to be a target. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground,” notes InfoSec Institute.
“Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data.”
WebSense’s Carl Leonard agrees. “The healthcare industry is a prime target for cybercriminals. With millions of patient records now in digital form, healthcare’s biggest security challenge in 2015 will be keeping personally identifiable information from falling through security cracks and into the hands of hackers.”
Saturday, December 27, 2014
This is Lizard Squad, the nebulous hacker group now tied to the Sony hack
From The Christian Science Monitor:
This is Lizard Squad, the nebulous hacker group now tied to the Sony hack
Friday, December 26, 2014
6 Sony Breach Lessons We Must Learn
From DataBreachToday:
6 Sony Breach Lessons We Must Learn
I would argue that #4 should top the list. There are no bulletproof cybersecurity solutions, making everyone vulnerable.
2014-12-26 Link of the Day: FREE - Introduction to Cyber Security Course
This is geared more towards the UK & European cybersecurity enthusiast. My fellow Americans can learn from it as well.
Introduction to Cyber Security
Next class - 2015-01-26
Wednesday, December 24, 2014
Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found
From Network World:
Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found
Strongly consider a 2FA solution for any Internet-facing or sensitive systems in your organization.
2014-12-24 Link of the Day: Wifi Protector
I just came across this in the Google store. After doing some research I found there is also a Windows application named Wifi Protector. It does not appear to be available for Apple products or Linux distros. These two products look interesting. The Android app protects your device from ARP & MitM attacks while the Windows version creates a VPN to encrypt your data when using an untrusted wifi network.
If anyone has used either of these please leave comments on your experience with them.
Android Wifi Protector
Detects and protects from all kinds of ARP (Address Resolution Protocol) related attacks in Wi-Fi networks, like DOS (Denial Of Service) or MITM (Man In The Middle).
Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via "Man In The Middle" through ARP spoofing / ARP poisoning.
Don't allow such tools to break your privacy and steal your data. You can defend yourself with a single app.
Allows secure usage of Facebook, Twitter, LinkedIn, Live.com, eBay ...
WifiKill can't take you offline with this app installed.
The "Immunity" feature is the only one that requires root, all other features work without root access.
Windows Wifi Protector -
Is your WIFI network secure?
Scan and protect your system. 100% FREE!
Most Wi-Fi networks use poor security which leaves you exposed to privacy breaches and identity theft. Wifi Protector scans all the Wi-Fi networks you use on a regular basis for any security problems and helps to protect you online.
Article on Windows version - WiFi Protector: Secure Your WiFi Connection With 256 Bit Encryption & Change IP Address
Tuesday, December 23, 2014
2014-12-23 Link of the Day: Endian Firewall Community
Here is a free, full featured firewall for home/SOHO/SMB use:
Endian Firewall Community