Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

In its 2017 State of Malware Report, Malwarebytes Labs recorded a 267 percent increase in ransomware between January 2016 and November 2016, with over 400 different variants in total. The report noted that while malware authors mostly relied on ransomware to make the bulk of their revenues, there was an increase in ad fraud as well. Botnets and mobile malware also continue to expand and evolve. The report predicts that until IoT devices become secure out of the box, botnets will get even bigger and pose an even greater threat to the internet - and any company connected to it. Financial services organizations are facing a relentless and determined cyber assault. Many recent factors have converged to create greater complexity and threat opportunity in the network, undermining the effectiveness of security prevention solutions. Bring Your Own Device (BYOD) can act as a... (more)

No Passwords | @CloudExpo #Cloud #API #AI #ML #DL #DX #Cybersecurity

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible. I was in a camp I called “How to Make a Cryptic Password You Can Easily Remember.” The short version was this: take a phrase you know, such as a favorite quote from a movie, and use the first letter of each word. For example, Sheriff Brody’s famous line from Jaws, “I think we’re gonna need a bigger boat,” becomes 1twgn@bb. The trick was using Leet (a technique where letters ... (more)

Effective SOC and an Automated Process | @ThingsExpo #IoT #M2M #Cybersecurity

Why 2017 Is the Time to Invest in an Effective SOC and an Automated Process Every Security Operations Center (SOC) manager and security analyst is struggling to some degree to stay one step ahead of the dramatic growth in cybercrime and the ransomware epidemic. In fact, according to the Cybersecurity Market Report published by Cybersecurity Ventures, a cyber security research and publishing firm, spending on cybersecurity is predicted to top $1 trillion between 2017 and 2021. There are plenty of very real and costly examples that show why organizations are increasing their spending for cybersecurity. While the high profile Mirai attacks with the Dyn IoT botnet attack affecting more than 100,000 endpoints is just the latest, the reality is that this is just the tip of the emerging iceberg. With a developing reality of billions of under-protected Internet of Things (... (more)

Announcing @SecureChannels to Exhibit at @CloudExpo | #DevOps #IoT #AI #DX #SmartCities

SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategies that are tailored for the unique needs of each client; the team builds in an intuitive user experience to boost efficiency and effectiveness of its cyber security solutions. For more information, please visit http://www.securechannels.com/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, wil... (more)

Keeping Digital Health Organizations Safe from Cyber Attack | @CloudExpo #DX #Cloud #Security

For health organizations, breaches are a constant threat, due to the high value of healthcare data - Social Security Numbers, treatment records, credit information, and other sensitive personally identifiable information (PII). And the cost of a breach to a health system or hospital can be devastating. And the health care industry has seen its share of breaches in the past quarter alone. For example, the National Health Service in England and Scotland was hit by a Wanna Decryptor ransomware attack affecting at least 16 of its organizations. Within two days 150 countries were affected. Also last quarter, up to millions of patient records at Bronx-Lebanon Hospital Center in New York stored on a backup system managed by iHealth Innovations were exposed to a data breach. Despite all the focus on preventing protected health information (PHI) theft and thwarting the next ... (more)

[video] #IoT Security with @SecureChannels | @ThingsExpo #BigData #AI #M2M

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Download Show Prospectus ▸ Here The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researcher... (more)

[session] A Live Hack Simulation | @CloudExpo @VinnyTroia #AI #DX #Security

Know Your Adversary: A Live Hack Simulation Using NSA's Stolen Digital Weapons When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom seeking worm. This talk, designed for C-level attendees, demonstrates a Live Hack of a virtual environment to show the ease in which any average user can leverage these tools and infiltrate their network environment. This session will include: An overview of the Shadbrokers NSA leak situation A review of the first iteration of the malware - lifecycle, how it was stopped, etc. A review of iterations of the malware Some states on machines still accessible (via Shodan stats) In his session at 20th Cloud Expo, Vinny Troia, CEO of NightLion Security, will also include a live hack simulation. This will be pre-recorded but he will walk the audience through what is happening. He will cov... (more)

How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security

You can turn a microwave into a camera and I’ll teach you how in a minute, but before I do, let me share this news item. In a recent interview with a reporter from the Bergen Record, Kellyanne Conway was asked about surveillance. She responded: “There are many ways to surveil each other now, unfortunately. There was an article this week that talked about how you can surveil someone through their phones, certainly through their television sets, any number of different ways. And microwaves that turn into cameras, etc. So we know that that is just a fact of modern life.” On its face, her statement about “microwaves that turn into cameras, et cetera” is ridiculous. It reminds me of the late Sen. Ted Stevens’ famous “Tubes” speech. I went right after “Uncle Ted” for his techno–faux pas, but even then, there were bigger issues to consider. It would be exceptionally easy ... (more)

Insource or Outsource the SOC | @CloudExpo #AI #SOC #Security #Analytics

These days attacks are becoming more sophisticated and more common. Mobile devices, cloud computing and the Internet of Things have increased the number of access points that must be secured. To complicate matters, CISOs are been directed to secure system without compromising the seamless experience that customers expect across channels, and if the organization is in a regulated industry, compliance issues likely increase the team's workload. To best detect threats and respond to incidents quickly, many organizations decide they need a security operations center to provide proper protection and continuous prevention. Then they must decide whether to build an internal Security Operations Center (SOC) or outsource. Advantages and Disadvantages of an Internal SOC The advantages of building an internal SOC include: A dedicated staff that knows the particular environment a... (more)

The Dark Side of SSH Key Compliance | @CloudExpo #Cloud #AI #Compliance

Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance. It's all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn't matter whether that access is being requested by a machine, admin or business user. The fact is that: Oversight and control are sorely lacking in many organizations. They do not have visibility into SSH user key-based trusts or monitoring capabilities. They lack processes for provisioning ownership, revocation and rotation of keys. There is no ownership of the access b... (more)

Thwarting Ransomware Attacks | @CloudExpo #BigData #ML #Cybersecurity

Having an Actionable Disaster Recovery Plan Is Crucial in Thwarting Ransomware Attacks As we have seen over and over again, a new wave of ransomware attacks has been plaguing large parts of Europe over the last couple of weeks. While the affected individuals and organizations are struggling with the very tangible business impact of the loss of revenue and operations, it's critical to step back and review what else one could do to mitigate and minimize the damage from such attacks in the future. Not everyone seems to be agreeing on the exact name of the attack - however this particular strain is apparently from a family of attacks that uses EternalBlue, an exploit developed by NSA, along with an MS Office / WordPad vulnerability discovered earlier this year. While the previous ransomware attack was known as WannaCry, this latest attack goes by several names - Petya... (more)