Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

Equifax Is an Enron Moment, But Not the Way You May Think Enron changed how U.S. public companies audit and report their financial data. There is also an opportunity to use the Equifax data breach to create a framework for better protection of our data in future. The credit reporting agency reported one of the largest data breaches in the history. Hackers were able to steal sensitive information from its internal servers. The stolen data include name, Social Security Number (SSN), date of birth, and also credit card numbers and driver license numbers in some cases. A massive breach like this can haunt the victims for years to come. What makes this specific breach even more damaging is the type of the stolen data. If someone steals your credit card number, you call your bank and get a new card hopefully before the hacker is able to make use of the stolen card. But, if... (more)

[video] #IoT Security with @SecureChannels | @ThingsExpo #BigData #AI #M2M

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Download Show Prospectus ▸ Here The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researcher... (more)

No Passwords | @CloudExpo #Cloud #API #AI #ML #DL #DX #Cybersecurity

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible. I was in a camp I called “How to Make a Cryptic Password You Can Easily Remember.” The short version was this: take a phrase you know, such as a favorite quote from a movie, and use the first letter of each word. For example, Sheriff Brody’s famous line from Jaws, “I think we’re gonna need a bigger boat,” becomes 1twgn@bb. The trick was using Leet (a technique where letters ... (more)

Effective SOC and an Automated Process | @ThingsExpo #IoT #M2M #Cybersecurity

Why 2017 Is the Time to Invest in an Effective SOC and an Automated Process Every Security Operations Center (SOC) manager and security analyst is struggling to some degree to stay one step ahead of the dramatic growth in cybercrime and the ransomware epidemic. In fact, according to the Cybersecurity Market Report published by Cybersecurity Ventures, a cyber security research and publishing firm, spending on cybersecurity is predicted to top $1 trillion between 2017 and 2021. There are plenty of very real and costly examples that show why organizations are increasing their spending for cybersecurity. While the high profile Mirai attacks with the Dyn IoT botnet attack affecting more than 100,000 endpoints is just the latest, the reality is that this is just the tip of the emerging iceberg. With a developing reality of billions of under-protected Internet of Things (... (more)

Network Security Today | @CloudExpo #Cloud #AI #SDN #Security #Analytics

In its 2017 State of Malware Report, Malwarebytes Labs recorded a 267 percent increase in ransomware between January 2016 and November 2016, with over 400 different variants in total. The report noted that while malware authors mostly relied on ransomware to make the bulk of their revenues, there was an increase in ad fraud as well. Botnets and mobile malware also continue to expand and evolve. The report predicts that until IoT devices become secure out of the box, botnets will get even bigger and pose an even greater threat to the internet - and any company connected to it. Financial services organizations are facing a relentless and determined cyber assault. Many recent factors have converged to create greater complexity and threat opportunity in the network, undermining the effectiveness of security prevention solutions. Bring Your Own Device (BYOD) can act as a... (more)

Announcing @SecureChannels to Exhibit at @CloudExpo | #DevOps #IoT #AI #DX #SmartCities

SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategies that are tailored for the unique needs of each client; the team builds in an intuitive user experience to boost efficiency and effectiveness of its cyber security solutions. For more information, please visit http://www.securechannels.com/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, wil... (more)

The Dark Side of SSH Key Compliance | @CloudExpo #Cloud #AI #Compliance

Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance. It's all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn't matter whether that access is being requested by a machine, admin or business user. The fact is that: Oversight and control are sorely lacking in many organizations. They do not have visibility into SSH user key-based trusts or monitoring capabilities. They lack processes for provisioning ownership, revocation and rotation of keys. There is no ownership of the access b... (more)

How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security

You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each other now, unfortunately. There was an article this week that talked about how you can surveil someone through their phones, certainly through their television sets, any number of different ways. And microwaves that turn into cameras, etc. So we know that that is just a fact of modern life.” On its face, her statement about “microwaves that turn into cameras, et cetera” is ridiculous. It reminds me of the late Sen. Ted Stevens’ famous “Tubes” speech. I went right after “Uncle Ted” for his techno–faux pas, but even then, there were bigger issues to consider. It would be exceptionally easy ... (more)

Mistakes Retailers Make in Digital Transformation | @ThingsExpo #IoT #M2M #DigitalTransformation

A key challenge that retailers face today is the difficulty of accurately judging where they are on the digital maturity curve relative to their competitors. There appears to be little expertise in making this assessment; for example, 79% of digital leaders don't know they are ranked as leaders, and only 56% of retailers ranked as average in our study believe they are at this level. The other 44% in the average category mistakenly believe they are either leaders or laggards. The lack of competitive clarity makes it even more difficult to develop an effective competitive strategy. Our research suggests that retailers' plans reflect neither self-awareness nor a realistic idea of what it will take to catch up or leapfrog their competitors in this highly competitive space. Namely, factors such as online sales penetration, business performance, attitudes about digital, pl... (more)

Keeping Digital Health Organizations Safe from Cyber Attack | @CloudExpo #DX #Cloud #Security

For health organizations, breaches are a constant threat, due to the high value of healthcare data - Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII). And the cost of a breach to a health system or hospital can be devastating. And the health care industry has seen its share of breaches in the past quarter alone. For example, the National Health Service in England and Scotland was hit by a Wanna Decryptor ransomware attack affecting at least 16 of its organizations. Within two days 150 countries were affected. Also last quarter, up to millions of patient records at Bronx-Lebanon Hospital Center in New York stored on a backup system managed by iHealth Innovations were exposed to a data breach. Despite all the focus on preventing protected health information (PHI) theft and thwarting the next ... (more)

Thwarting Ransomware Attacks | @CloudExpo #BigData #ML #Cybersecurity

Having an Actionable Disaster Recovery Plan Is Crucial in Thwarting Ransomware Attacks As we have seen over and over again, a new wave of ransomware attacks has been plaguing large parts of Europe over the last couple of weeks. While the affected individuals and organizations are struggling with the very tangible business impact of the loss of revenue and operations, it's critical to step back and review what else one could do to mitigate and minimize the damage from such attacks in the future. Not everyone seems to be agreeing on the exact name of the attack - however this particular strain is apparently from a family of attacks that uses EternalBlue, an exploit developed by NSA, along with an MS Office / WordPad vulnerability discovered earlier this year. While the previous ransomware attack was known as WannaCry, this latest attack goes by several names - Petya... (more)