It may be hard to source some attacks, but it depends on the attack as well. We also have to decide what data to use as to who got attacked? Following data and image is from FBI report: https://www.ic3.gov/media/annualreport/2018_IC3Report.pdf The answer to the question is 367 entities were attacked and reported to the FBI in … Read more
First of all what is a rootkit? A collection of software that runs and tries to hide from the computer user and administrator while also allowing the attacker access to the computer. It does this by connecting as ‘root’ to the Operating System kernel. In Linux ‘root’ is the administrator. If you can masquerade as … Read more
Another Thotcon presentation was very good, unique and moves the industry forward. Julian Cohen presented This idea: “Understanding Your Adversaries” In his talk: “Adversary-Based Threat Analysis” He explained that in the traditional Threat modeling Process the following 6 items happen. Identify Assets Create Architecture Overview Decompose an Application Identity the Threats Document the Threats Rate … Read more
Thotcon (Chicago’s Hacking Conference) thoughts… Saw several good Cybersecurity presentations while one of the keynotes “Josh Corman” discussed the burnout of the infosec opsec community. This is a problem for our industry as I have discussed before in past posts. It has to do with the 3 following topics: 1. Workload to most infosec people … Read more
If there is no way to fix a vulnerability what do you do if you have a camera with a vulnerability? Here is the quote on Threatpost (from the engineer that found the flaw): “Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO … Read more
