Wednesday, January 21, 2015

This Week in Cyber Security and Privacy, 13-20 January 2015

This Week in Cyber Security and Privacy, 5-12 January 2015.


Links to stories/ pictures:

1. http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/

2. http://itinsight.hu/en/posts/articles/2015-01-28-android-bypass/

3. http://thehackernews.com/2015/01/google-windows-vulnerability.html

4. http://www.theregister.co.uk/2015/01/18/snowden_doc_leak_confirms_china_stole_f35_data/

5. http://www.businessinsider.com/apple-touch-id-icloud-patent-2015-1

6. http://thehackernews.com/2015/01/microsoft-windows-7-support.html

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Wednesday, January 14, 2015

This Week in Cyber Security and Privacy, 5-12 January 2015

This Week in Cyber Security and Privacy, 5-12 January 2015.


Links to stories/pictures:

1. http://www.darkreading.com/attacks-breaches/banking-trojans-disguised-as-ics-scada-software-infecting-plants/d/d-id/1318542
http://threatpost.com/is-it-time-for-certified-ics-security-specialists/104804
2. https://privacyassociation.org/news/a/obama-announces-legislation-on-student-id-consumer-privacy/
3. http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
4. http://www.engadget.com/2015/01/02/google-posts-unpatched-microsoft-bug/
5. http://motherboard.vice.com/read/you-can-now-install-the-north-korean-operating-system-redstar-30
6. http://www.morganstanley.com/about/press/articles/7f189537-f51c-40b0-a963-fc0dc6c65861.html

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Tuesday, January 06, 2015

This Week in Cyber Security and Privacy, 28 Dec - 4 Jan 2015

This Week in Cyber Security and Privacy, 28 Dec - 4 Jan 2015


Links to stories and photos:
1. http://mashable.com/2014/12/31/sony-cyberattack-blackberrys/

2. http://uk.businessinsider.com/report-angela-merkels-office-hit-by-cyber-attack-2014-12?r=US

3. http://threatpost.com/cellular-privacy-ss7-security-shattered-at-31c3/110135

4. http://www.reuters.com/article/2014/12/27/hacking-tool-idUSL1N0UB00U20141227

5. http://venturebeat.com/2014/12/28/chaos-computer-club-claims-it-can-reproduce-fingerprints-from-peoples-public-photos/

6. http://mobile.nytimes.com/blogs/dealbook/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/?_r=2&referrer

7. http://www.haaretz.com/news/diplomacy-defense/1.633119

8. http://www.healthcareinfosecurity.com/nist-to-address-medical-device-security-a-7718

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/
Also on Facebook: http://www.facebook.com/gadioncyber
And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Monday, December 22, 2014

Cyber is not "passwords" - it's about YOU - Sony experience

Cyber is personal, it is about your life, your business - your kids.

A story from an employee at Sony, following the hack. Worth reading:
http://fortune.com/2014/12/20/sony-pictures-entertainment-essay/

 
Gadi Evron.

Sony and PRNK, still a better love story than...

Gina from Cymmetria Research created another meme on Sony's incident. 

Sunday, December 21, 2014

Real damage, you say? SCADA is here.

I'm often asked "has cyber ever done any real damage?" as if billions lost, lives ruined, and children harassed isn't enough. Cyber is not a separate entity - it's about living our lives and doing our business.

Today, this news story was published. A lot yet remains to be seen, but such case studies are exactly what we've been waiting for.

Apparently, a steel factory in Germany suffered an attack, which resulted in an industrial attacks... or SCADA, cyber-physical, ICS, or whatever you want to call it - attack.

I hope there will be more published on this.

Gadi Evron.

Saturday, December 20, 2014

Importance of intelligence :)

According to this new story, streets thugs jumped the guy who shot Bin Laden, demonstrating the importance of collecting intelligence before an operation. ;)

Too bad it's a satire. :)

#darwinawards

Gadi Evron.

Wasn't me!

We didn't want to stay out of the meme paradise this past week has offered. :)


Meme created by Gina from Cymmetria Research.

Gadi Evron.

This Week in Cyber Security & Privacy - 14-20 December, 2014

This Week in Cyber Security and Privacy
14-20 December, 2014



Links to stories:

- ICANN hacked: http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/
- Oslo snooping mobile towers: http://rt.com/news/214327-snooping-mobile-towers-norway/
- "Misfortune Cookie" vulnerability: http://www.geekrepublic.org/millions-of-routers-from-different-vendors-are-vulnerable-to-misfortune-cookie-attacks/
- Iranian hackers: http://www.foxbusiness.com/technology/2014/02/12/hackers-bust-las-vegas-sands-sites-in-cyber-attack/
- Sheldon Adelson's casino attack attributed to Iranian hackers: http://www.businessinsider.com/iranian-hackers-shut-down-sheldon-adelsons-casino-in-las-vegas-2014-12
- Linux: http://www.techworm.net/2014/12/privilege-escalation-vulnerability-in-linux-cve-2014-9322.html- Git vulnerability: http://wptavern.com/critical-git-vulnerability-patched-update-your-git-clients-immediately
https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
- Sony breach:http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html- NIST revision: http://www.nist.gov/itl/csd/sp8000-53a-121614.cfm

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/

Also on Facebook: http://www.facebook.com/gadioncyber

And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Sony is interesting, but not in what people speak of

Some interesting things happening at Sony - and they are the ones deserving of our attention. Not this attribution nonsense.

Was it N. Korea behind the Sony attacks? Why? Why not? Fact is, nobody knows. It just happened 30 seconds ago. Speak about something important instead - like how to do better.

Honestly, if I was still a CISO, with today's horrible state of cyber security's systematic failure - I'd not be sleeping at night.
I like to avoid FUD and speak facts and measurements - I'm mentioning such "scare talk" as, honestly - would you be sleeping at night if you were a CISO?

That said, here are some interesting tangential stories to follow on this:

Geo-politics are warming up to something... but what? I am slightly concerned by this message from Obama, and yet it makes me wonder if he knows something we don't, or just responds to the public to instill calm... or?

Story: Obama vows US response to Sony hack
http://www.bbc.co.uk/news/world-us-canada-30555997

Cyber insurance is being put to its first major test. I'll be following this story closely.

Story: Breach insurance might not cover losses at Sony Pictures
http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html

Sony is not making a very good job at incident response, and in fact, is making a bad show of it - doing what the attackers want, lashing out at file sharers, etc. But knowing they are vulnerable right now and can't do much about it - what would you have done differently? I can't really judge them.

That said, it will be interesting to watch how the movie's numbers do, now that it gains the "forbidden fruit" infamy.

Story: Sony pulls movie "The Interview"
http://www.theguardian.com/film/2014/dec/18/sony-pictures-the-interview-north-korea

Gadi Evron.