Discussion of public breaches of security
It seems everyone should be looking for Command and Control traffic from inside the network (updated on 04/01/2016) What does Command and Control mean? It is the last process in the hacking cycle: As we have pointed out: SVAPE & C Scan, Vulnerability Analysis, Penetrate Exploit & Control from other posts http://www.fixvirus.com/svapec/ Our … Read more
We know the problems with the Anthem Breach: no encryption But does it mean you should encrypt your data? What does it mean to “encrypt the data” What if your data is “stolen” with correct credentials, i.e. if someone has the username and password then it is over, whether the data is encrypted matters … Read more
Snowden documents lead to Regin and malware. http://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667 The malware seems to be related to the QWERTY keylogger found in the Snowden documents. The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents. Here is a blog post on the analysis of the QWERTY keylogger to the Regin … Read more
Killer Malware… what does it mean? When is it coming? It means a distributed spam network (hard to blacklist) (as John Stewart from Cisco mentioned http://oversitesentry.com/john-stewart-cisco-security-exec-interviewed-by-bloomberg/ ) A Zero-day malware included in well written (targeted) spam. Like the Flash vulnerability that just came out. https://nakedsecurity.sophos.com/2015/01/23/adobe-issues-emergency-fix-for-flash-zero-day/ And then we come to the “Killer” part, Ransomware … Read more
IBM has an infographic and a report: http://www-935.ibm.com/services/us/en/security/infographic/cybersecurityindex.html http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/ (we make a point to show you the whole link, so you know exactly where you are going) The image above is a snippet from the infographic IBM has gathered this information from the Ponemon Institute research report (you can download these reports if you register … Read more