Another Thotcon presentation was very good, unique and moves the industry forward. Julian Cohen presented This idea: “Understanding Your Adversaries” In his talk: “Adversary-Based Threat Analysis” He explained that in the traditional Threat modeling Process the following 6 items happen. Identify Assets Create Architecture Overview Decompose an Application Identity the Threats Document the Threats Rate … Read more
Thotcon (Chicago’s Hacking Conference) thoughts… Saw several good Cybersecurity presentations while one of the keynotes “Josh Corman” discussed the burnout of the infosec opsec community. This is a problem for our industry as I have discussed before in past posts. It has to do with the 3 following topics: 1. Workload to most infosec people … Read more
If there is no way to fix a vulnerability what do you do if you have a camera with a vulnerability? Here is the quote on Threatpost (from the engineer that found the flaw): “Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO … Read more
In the field of Cybersecurity we have to do a lot of basic things: as discussed in Behavioralscientist.org So what is your plan? Firewall, Antivirus, IT people vigilance, updating devices and software… What are your enemies’ plans? When your enemy actually interacts with your employees it shows. There are always business level threats (where employees … Read more
A few headlines in a day or 2 – are typical day at the Cybersecurity Office. Verizon Routers command injection flaw could impact millions of routers. High Severity flaw CVE=8.5. “The vulnerabilities exist in the API backend of the Verizon Fios Quantum Gateway (G1100), which supports the administrative web interface.” Exodus Spyware attacking Apple … Read more
