Doug Vitale Tech Blog

May – June 2017 News Archive

‘NotPetya’: Latest Ransomware is a Warning Note From the Future

IEEE Spectrum, 30 Jun 2017 – In the Ukraine, which took the brunt of the attack, NotPetya certainly disrupted government and business operations, affecting hundreds of companies and offices. The Russian government has been suspected as a possible origin for NotPetya, and on Friday NATO said they strongly suspected a “state actor” or private entity with close ties to a state. [More]


Parliament hit by ‘sustained’ cyber-attack

BBC, 24 Jun 2017 – Parliamentary authorities said hackers had mounted a “determined attack” on all user accounts “in an attempt to identify weak passwords”. A number of MPs have confirmed to the BBC they are not able to access their parliamentary email accounts outside of the Westminster estate. [More]


25 Year Old Hacker Steals Hundreds of User Accounts from US Military

National Crime Agency, 16 Jun 2017 – A computer hacker has admitted stealing hundreds of user accounts from a US military communications system. Sean Caffrey, 25, accessed and stole the ranks, usernames and email addresses of more than 800 users of a satellite communications system, as well as of about 30,000 satellite phones. He pleaded guilty at Birmingham Crown Court today to an offence under the Computer Misuse Act. [More]


1 in 5 Enterprise Passwords Can Be Easily Compromised

PreEmpt, 14 Jun 2017 – Based upon our analysis of enterprises who have downloaded Preempt Inspector to determine the quality of their organization’s password health, over 7% of employees are using compromised passwords from a previous breach and nearly 20% can be easily compromised. [More]


New CIA Wireless Hacking Tool ‘Cherry Blossom’ Compromise Wireless Devices using MITM

GBH, 14 Jun 2017 – CherryBlossom is capable of performing exploits in software and monitoring Internet activities in targeted victims such as commonly used WIFI devices in private and public places, including small and medium-sized companies as well as enterprise offices. [More]


82% of Databases Left Unencrypted in Public Cloud

Dark Reading, 25 May 2017 – These findings come from the RedLock Cloud Security Intelligence (CSI) team’s “Cloud Infrastructure Security Trends” report. The team analyzed more than one million cloud resources, processing 12 petabytes of network traffic, and dug for flaws in public cloud infrastructure. They found 4.8 million records, including protected health information (PHI) and personally identifiable information (PII), were exposed because best practices like encryption and access control aren’t enforced. [More]


Your data is probably safer with Facebook than your hospital

ReCode, 15 May 2017 – Collison went on to say that companies like Facebook and Google are savvy enough to “understand the threats,” but that their biggest strength is being young organizations. “They don’t have these enormous, impossible-to-comprehend systems from 1970, that have points of connection that someone forgot about,” he said. “Or [they’re not] using encryption technologies that were broken 20 years ago, but no one has had the chance to go upgrade yet.” [More]


Why Hardware Engineers Have to Think Like Cybercriminals

IEEE Spectrum, 15 May 2017 – The future of cybersecurity is in the hands of hardware engineers. That’s what Scott Borg, director of the U.S. Cyber Consequences Unit, told 130 chief technical officers, engineering directors, and key researchers from MEMS and sensors companies and laboratories. Borg, speaking at the MEMS and Sensors Technical Congress, held on the campus of Stanford University, warned that “the people in this room are now moving into the crosshairs of cyberhackers in a way that has never happened before.” [More]


WCry/WanaCry Ransomware Technical Analysis

EndGame, 14 May 2017 – There has been a lot of discussion about the method of propagation and the overall impact of this ransomware, but what does this ransomware actually do from start to finish? That is the question I’ll answer in this post. [More]


Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

White House, 11 May 2017 – The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all United States Government capabilities. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. [More]


Advertisements

Written by Doug Vitale

August 2, 2017 at 6:34 PM

%d bloggers like this: