background preloader

Infosec Security

Facebook Twitter

Russia’s Propaganda Trolls Make an Impact in Cyberspace. Featured Articles Recent reporting reveals that the Russian government may be using online propagandists in order to project a positive Russian image to the global community, while attacking those perceived to be a threat to Russian government interests.

Russia’s Propaganda Trolls Make an Impact in Cyberspace

Two individuals that used to work for an organization called the “Internet Research Agency” exposed the propaganda machine whose objective was to influence public opinion, and in some instances, discredit specific targets. The Internet Research Agency is an organization that employees hundreds of online “trolls” – individuals whose job it is to create online discontent. Located in four floors of a building in St. Petersburg, these trolls logged twelve-hour days supporting the Russian government while attacking perceived enemies – the United States, political oppositionists, for example – on social networks, blogs, and comment areas for social media sites. Wi-Fi inflight information security best practices. When you are 30,000 feet in the air and your flight offers Wi-Fi, are you really thinking about hacker Jon who is sitting in seat 44C?

Wi-Fi inflight information security best practices

Probably not. Most people do not even consider that in-flight Wi-Fi is just like public Wi-Fi at a coffee shop. When you purchase time on an in-flight wireless network, your credit card transaction is encrypted. Once the transaction is complete, your laptop and devices are flying high in their birthday suits, again, if you do not take information security hygiene seriously. In the eye of a cybercriminal, in-flight Wi-Fi-gorging passengers are like a shiny tin of pungent tightly-packed sardines. Wi-Fi inflight information security best practices. Never judge an information security professional solely by certification. IoT means IT teams and MSPs must focus on security - Power More. HowManyMillionBIOSesWouldYouLikeToInfect_Whitepaper_v1. Just-Metadata - Intel Gathering and Analysis of IP Metadata. Github Repo: For some time now, I’ve been working on a tool which aggregates data about IP addresses from publicly available sources.

Just-Metadata - Intel Gathering and Analysis of IP Metadata

Three separate events prompted this project. First, I began noticing a large number of IP addresses attempting to brute force their way into my mail server. Second, a large number of systems/IPs scanned my web server for vulnerable web applications (Tomcat, phpMyAdmin, etc). Finally, ATD sometimes will receive spam email that contains malware. Do you know how well your vendors, business associates and contracted third parties (who I will collectively call “contractors”) are protecting the information with which you’ve entrusted them to perform some sort of business activity?

You need to know. Late last year, a study revealed that 33 percent of breaches in the retail industry were due to vulnerabilities caused by third-party vendors having access to sensitive information. The largest healthcare breach in 2014, which affected 4.5 million patients, came from a contractor of a hospital system. The list of breaches caused by contractors throughout all industries could fill a large book. The damage that your third parties can cause to your business can be significant. Kaspersky releases decryption tool that unlocks ransomware. Hacked! How safe is your data on Adult Sites? Darknet Evolution Marketplace’s $12 Million Exit Scam Mystery Deepens. White House Hacked, Possibly by Russians. ALERT: New Ransomware Spearphish Uses One-Click Dropbox Attack. Ransomware: How does your network fare? It’s time for a National Cybersecurity Safety Board (NCSB) In his book The Psychological Edge: Strategies For Everyday Living, clinical psychologist Dr.

It’s time for a National Cybersecurity Safety Board (NCSB)

Samuel Shein writes that while we have a National Transportation Safety Board (NTSB), there is no National Psychological Research Board (NPRB). A group like the NPRB could investigate national disasters caused by those with psychological issues. Even with tragedies such as the Columbine High School and Sandy Hook Elementary School massacres, to the Heaven's Gate mass suicide, 9/11 and more; the US still lacks a central agency that deals with psychological-based tragedies.

Creating a NPRB could be crucial to avoid future tragedies and senseless deaths. With regards to information security, the Sony breach of 2014 shows that the time has arrived to create a National Cybersecurity Safety Board (NCSB). Anthem Hacking Points to Security Vulnerability of Health Care Industry. Photo The cyberattack on , one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information.

Anthem Hacking Points to Security Vulnerability of Health Care Industry

Experts said the information was vulnerable because Anthem did not take steps, like protecting the data in its computers though encryption, in the same way it protected medical information that was sent or shared outside of the database. The hackers gained access to up to 80 million records that included numbers, birthdays, addresses, email and employment information and income data for customers and employees, including its own chief executive.

Empowering More Women to Embrace Information Security. Last year Infosec Buzz posted the Top 25 Female Infosec Leaders to Follow on Twitter.

Empowering More Women to Embrace Information Security

Rooms - Create Something Together. Data Security Incident. Most people think public Wi-Fi is safe. Seriously? Most people who use public Wi-Fi couldn't care less about security, according to the recent 2014 Communications Market Report from Ofcom - the UK's Office of Communications/regulatory authority for telecommunications.

Most people think public Wi-Fi is safe. Seriously?

Researchers reported that more than three-quarters (77%) of people, when asked if they agreed with this statement: I am concerned about security when accessing Wi-Fi outside the home … said, "Nope! " While 75% are blissfully out of agreement with this one: There are certain things that I wouldn’t access/do on the internet when connected to public WiFi. Generate Password. 50,000 sites hacked through WordPress plug-in vulnerability. A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.

50,000 sites hacked through WordPress plug-in vulnerability

The security flaw is located in MailPoet Newsletters, previously known as wysija-newsletters, and was fixed in version 2.6.7 of the plug-in released on July 1. If left unpatched, it allows attackers to upload arbitrary PHP files on the Web server and take control of the site. Teksquisite : #infosec rogue DNS server [MitM?] ... Commons. Why Are Twitter Followers Sending Strange DM's? - The Tekblog. The past two weeks I’ve noted an uptick in Twitter followers sending me strange DM’s.

Why Are Twitter Followers Sending Strange DM's? - The Tekblog

When I contacted them about these strange DM’s, they stated that their account had been compromised. Some valid (compromised) accounts have since been deleted by Twitter and the URLs included in the DMs appear docile at this time. [Pataloca DOT com |] Twitter Followers The original DM URL linked back to a tweet from an account that did not follow me. 30c3: To Protect And Infect, Part 2. LimorElbaz : Top 25 Female #InfoSec Leaders... Peer Review Service for Technology Products.

Stealth Pentesting: When I.T. Doesn't Even Know We're Here. How to enable Family Safety features in Windows 8. The Internet? Kind of a cesspool. And as the parent of kids who are now old enough to operate a Web browser, you can bet I'm keen on checking their activities and filtering out the inappropriate content. Thankfully, Windows 8 offers some solid tools for doing just that. (Windows 7 does, too, but Microsoft made them easier and more robust in the new version of the OS.)

For example, you can limit your child's Web browsing to age-appropriate sites and block or allow specific sites as needed. To get started, you'll need to set up an account for your child. 1. 2. 3. 4. Targeted attack against UAE activist utilizes CVE-2013-0422, drops malware. Think tank presses Blue Coat over censorship concerns. News By Jeremy Kirk January 16, 2013 01:09 AM ET IDG News Service - A Canadian think tank called on Tuesday for continued scrutiny of U.S. security vendor Blue Coat Systems after a new technical analysis showed wide use of its products in countries with human rights and censorship concerns.

The Citizen Lab, based at the Munk School of Global Affairs at the University of Toronto, published a report that showed Blue Coat technology widely deployed at key choke points in telecommunication systems. The report was the result of several weeks of technical analysis that ended earlier this month and focused on two Blue Coat products: ProxySG and PacketShaper. It found ProxySG in use by Egypt, Kuwait, Qatar, Saudi Arabia and the UAE. Securing Critical Information Infrastructure: Trusted Computing Base. Pandora’s Box It was the Stuxnet worm that became the first cyber-weapon whose deployment became well known to the general public. Intentional or not, the people behind Stuxnet opened a Pandora’s box - showing the world how effective an attack on an industrial facility can be. It’s easy for just about anyone to comprehend the potentially devastating effects of a possible future attack on installations in the energy, industrial, financial or other spheres.

After the discovery of Stuxnet, several other close “relatives” were detected: Duqu, Flame and Gauss. These programs have several traits in common, but their targets, functionality and creation timestamps all differ. Security Leaders Give Up. Oracle to patch 79 DB server vulnerabilities. IP Address Inspector. Brucon 2011 streaming. For Infosec Geeks: Geographic Routing Controls. The average PC user does not need access to the entire Internet. The more they have access to the more potential sources of security issues. Get Cocoon Internet Services: Researcher Combats Hackers With Software Subterfuge, Academic Spotlight (Bowdoin)

Story posted August 10, 2011. Researcher Slams Sophos: How Secure Is Your Security Company? Facebook Forensic Paper Release. Top 10 security experts to follow on Twitter. Top 10 security experts to follow on Twitter. Raw. B is for Botnet [ABCs of IT]‬‏ Links. Honda security breach exposes 283,000 customers. High performance access to file storage Honda's Canadian division has suffered a data breach that exposed the personal information of 283,000 customers, according to its website and published media reports. The purloined data includes the names, addresses and vehicle identification numbers of customers who made purchases in 2009.

Gy5dwp Shared by teksquisite. Don't Try This At Home, That's What The Hackerspace is For! Schwartz On Security: First, Know You've Been Breached. The Top Five Most Dangerous Malware. 4 Famous Hackers Who Got Caught. Just recently we were reminded how delicate our online ecosystem really is when the mysterious group Anonymous took down big websites like Visa, Mastercard, and PayPal because they refused to support WikiLeaks.

Anonymous is the latest in the fascinating history of hackers who have had their way with supposedly secure computer systems. The big difference – most of the other guys got caught. 11068_Online_Fraud_report_0810. 11188_Online_Fraud_report_1110. ISPs sign up to voluntary anti-zombie code - Networking. Evolution of Zeus Botnet. U.S. Is Working to Ease Wiretaps on the Internet. Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like and software that allows direct “peer to peer” messaging like — to be technically capable of complying if served with a wiretap order.

How Cyber Jurisdiction Affects Cybercrime Prosecution : Internet Business Law. Chirashi Security.


FAA Mike Monroney Cyber Security Awareness Day (FBC); Oklahoma C.