It is important to know and understand the devices you have deployed throughout your organization and what roles those devices play in the function and security of your environment. If you have any Cisco ASR 1000 devices in play, specifically on the edge of your network or with some form of public-facing interface, take notice of this patch and apply it as soon as possible. Given the ease of exploitation, this vulnerability will be leveraged in the wild.
Month: July 2015
NIST – SP 1800-1 – DRAFT Securing Electronic Health Records on Mobile Devices
I am excited to see NIST produce a new series of helpful guidelines and best practices. This SP 1800 has strong potential.
OwnStar Device Can Remotely Locate, Unlock, and Start GM Cars
This is yet another disturbing vehicle hack, but in this case, the vulnerability lies in the OnStar-related mobile app and not in the vehicle's embedded system. At least the security stopgap does not mean you have to stop driving your car.
https://threatpost.com/ownstar-device-can-remotely-locate-unlock-and-start-gm-cars/114042
Teradata Vulnerability Announced: Big Potential Headaches For Big Data Solution
For those of you managing a big data analytics platform or repository, this article is for you. Teradata is a fairly popular platform and these types of vulnerabilities should be taken seriously. All systems should be part of a standardized patching cycle. No systems are bulletproof. Even air gaps can be overcome.
Even former heads of NSA, DHS think crypto backdoors are stupid
Michael Chertoff's opinion is worth heeding, so I would highly recommend reading through his comments on the dangers of mandatory crypto backdoors.
The First 24 Hours In The Wake Of A Data Breach
This offers both valuable statistical data to tuck away when preparing for a debate around preparedness and a nice outline of to-dos from an incident response perspective.
WordPress 4.2.3 is out, update your website now
Patching is always important, especially when related to core web infrastructure. If you use WordPress as your site’s foundation, now is the time to patch.
https://nakedsecurity.sophos.com/2015/07/23/wordpress-4-2-3-is-out-update-your-website-now
Why Companies Are Still Unprepared for the EMV Transition
For those of you not lost in the world of credit card transactions and security measures, EMV is the standard for moving branded credit cards from swipe and sign technologies to chip and PIN. Though sad, the results detailed in this article are in no way surprising. Many retailers simply do not understand the value of EMV or do not care enough for their customers relative to the potential cost for new PIN pads.
Fiat Chrysler Recalls 1.4 Million Cars After Software Bug is Revealed
It is good to see an automaker take this type of threat seriously and respond with both patches to the software and mass communications to owners. That said, I do believe the research team deserves more recognition and credit for the work they performed.
https://threatpost.com/fiat-chrysler-recalls-1-4-million-cars-after-software-bug-is-revealed/113936