From WSJ article On May 7th hackers were able to shut down a number of city of Baltimore computers. They demanded $100k worth of bitcoins to release their stranglehold. On this day that is about 13 Bitcoins (value of Bitcoins fluctuates). So Baltimore is refusing to pay as they should. The ransomware the hackers used … Read more
It may be hard to source some attacks, but it depends on the attack as well. We also have to decide what data to use as to who got attacked? Following data and image is from FBI report: https://www.ic3.gov/media/annualreport/2018_IC3Report.pdf The answer to the question is 367 entities were attacked and reported to the FBI in … Read more
Another Thotcon presentation was very good, unique and moves the industry forward. Julian Cohen presented This idea: “Understanding Your Adversaries” In his talk: “Adversary-Based Threat Analysis” He explained that in the traditional Threat modeling Process the following 6 items happen. Identify Assets Create Architecture Overview Decompose an Application Identity the Threats Document the Threats Rate … Read more
Thotcon (Chicago’s Hacking Conference) thoughts… Saw several good Cybersecurity presentations while one of the keynotes “Josh Corman” discussed the burnout of the infosec opsec community. This is a problem for our industry as I have discussed before in past posts. It has to do with the 3 following topics: 1. Workload to most infosec people … Read more
If there is no way to fix a vulnerability what do you do if you have a camera with a vulnerability? Here is the quote on Threatpost (from the engineer that found the flaw): “Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO … Read more
