You are viewing 'Security breach'
The news has been rife with headlines about voting hacks, with the FBI revealing that state voter registration databases have been compromised and warning of ongoing attacks. Meanwhile, one of the major parties has already suffered two known breaches and WikiLeaks continues to post Clinton campaign emails on a regular basis. So far, signs are pointing to operators inside Russia as the culprits for all of the above.
Many of us in the information security...
A look inside the Ashley Madison breach dump, and deploying a botnet from the attacker’s PoV
The Solutionary Security Engineering Research Team (SERT) released its Q3 2015 Threat Report today.
As the source of 68% of all detected attacks and 51% of all detected malware, the United States is once again the most hostile source of cyberattacks. As we’ve seen in the past, this does not mean that the attackers are within the U.S., but they are using U.S. sites as their launching pads. The jump in reconnaissance activity seen in Q2 15 probably contributed to a 42% increase in cyberattacks during Q3. Detected malware, on the other hand, dropped by nearly 40% from what was seen during Q2 15. Malware detection and trends continue to vary widely from quarter to quarter, but one interesting trend is that the four top sources of malware accounted for 96% of all malware detected during Q3.
Yes, detected malware is down. That is, except for detected command and control...
The first known, reported account of hacking in professional sports
One Major League team hacked another one for competitive gain? Say it ain’t so, Joe.
Teams have often tried to steal the other team’s signs during a game to predict a play or a pitch. This has been part of baseball since its earliest days. Now, it seems that a team may have taken it to a new level. Corporate espionage may now be part of our national pastime.
It looks as if the first known instance of one professional sports team hacking another has been reported. According to a NY Times report, the St. Louis Cardinals are facing an F.B.I. inquiry due to the alleged hacking of the Houston Astros.
On June 16, 2015, the NY Times reported: Investigators have uncovered evidence that Cardinals officials broke into a network of the Houston Astros that housed special databases the team had built,...
2015: Year of the ___?
2014 is behind us. Depending on your perspective, 2014 is either known as “The Year of the Data Breach” or the “Year of the Undisclosed Vulnerability.”
According to the Identity Theft Resource Center, there were 761 breaches reported in the U.S. during 2014, with over 83 million records exposed (as of December 23, 2014). This is an increase of more than 25% over the same timeframe in 2013.
With the seemingly never-ending data breach announcements, the general public has started taking a “so what, it's just another data breach” kind of attitude about data breaches. It’s as if there is now almost an expectation that your data will end up in the...
A List of Do's and Don'ts
Employees return from lunch and swipe their badges across proximity readers at the main entrance and the side door leading from the smoking area. The chatter of multiple conversations, via mobile and in person, merges with the oh-so-familiar beeps, accompanied by the green (or was it red) light, and the routine motion of “badging in” is just that... routine.
The hacker observes discreetly. He identifies the vulnerability. Adopting the guise of an employee, he raises his smartphone to his head and joins the line of tailgaters. He exploits the vulnerability.
The above scenario is constantly used by penetration testers, security consultants, disgruntled and...