DoS and DDoS attacks are far from a thing of the past or something that is easily mitigated. Mr. Krebs has taught us that over the last week. Organizations should take their preparations very seriously.
Month: September 2016
End-of-support devices on networks weakening cyberdefenses, report
This article is extremely telling in terms of the true risks many of us face in supporting customers, either external or internal, from an IT security perspective. A lack of product and equipment maintenance, in terms of replacement schedules and upgrades, causes security issue after security issue, and frankly, the customer's motivation to correct the problem comes far too late. Usually a system is either down or compromised or both.
System maintenance and system lifecycle management are important components of the success of any organization and should be talking points for any IT security professional when discussing risk management.
ISC Patches Critical Error Condition in BIND
Please review any and all installations of BIND in your environment and patch accordingly. Potential DNS vulnerabilities should be taken seriously.
https://threatpost.com/isc-patches-critical-error-condition-in-bind/120940/
Ransomware Is Now Officially Extortion Under California Law
This is a great example of legislation catching up with technology. I am thrilled to see this change in California. There is no question that ransomware is a form of extortion and as such, it should be subject to the penalties associated with such a crime.
https://blog.knowbe4.com/ransomware-is-now-officially-extortion-under-california-law
Google Launches All-Out War on XSS
This is an important step in the battle against XSS vulnerabilities. Kudos to Google on moving the ball forward and building better tools that will hopefully lead to better web code.
http://www.infosecurity-magazine.com/news/google-launches-all-out-war-on-xss/
Krebs – Inside Arizona’s Pump Skimmer Scourge
This is an interesting read detailing the continued growth of fuel pump skimming, in this case with specific examples from the state of Arizona. One particularly interesting tidbit is the discussion of pump master keys. As someone who has worked around, and supported from the periphery, many fuel centers, I have witnessed first-hand the challenges of dealing with pump locks. Most pumps are indeed keyed alike, and there is a significant expense to the retailer to convert to non-standard locks. This is an issue that should be better addressed at the industry level.
https://krebsonsecurity.com/2016/09/inside-arizonas-pump-skimmer-scourge/
Ransomware to hit $1B in 2016
There is no question that the business of ransomware is profitable and this blog post by Fortinet provides the statistics to back up that claim. Because of the financial advantages, there is every reason to expect this problem to continue to thrive and grow.
https://blog.fortinet.com/2016/09/27/ransomware-to-hit-1b-in-2016
25 Emerging Security Vendors To Watch
This is an interesting list of vendors/products. I am hard-pressed to refer to some of these companies as “emerging”, but I do suppose they are entering into new fields and new product sets.
http://www.darkreading.com/cloud/25-emerging-security-vendors-to-watch/d/d-id/1326966
Education sector bullied by ransomware and can barely defend itself, report
As someone with a spouse in the education sector, this article certainly hits home. I do see a lack of mature security in many of the educational institutions to which I have been exposed. This is an area in significant need of attention.
KrebsOnSecurity Back Online with Google’s Project Shield
This is an interesting read detailing the attack on Krebs’ website and his move to Google’s Project Shield. Enjoy!
http://www.infosecurity-magazine.com/news/krebsonsecurity-back-online/
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/