Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]
Category: Events
Some lessons learned from the ransomware attack on the City of Atlanta
On 22 March 2018, the public learned of a ransomware attack in the City of Atlanta information systems. The City of Atlanta held a press conference soon after the news broke and multiple news outlets covered the incident. In this article, I don’t want to re-hash the information already presented but rather highlight a few […]
Excellent article on the Georgia “Computer Crime” bill, SB315
S.B. 315 uses the term, “unauthorized access,” which is a very murky term. If you’re trying to go through all the proper channels in advance and get authorization for something, it’s not always clear who the person who has the authority to give that authorization is. If it’s a website and you’re testing some part […]
New malware currently targeting restaurants. What you need to know before it targets your industry.
According to this article from Threatpost, a new malware nicknamed FIN7 is using a new technique to spread and avoid detection. The malware is reportedly associated with the Carbanak group and is targeting the restaurant industry. Considering it’s effectiveness though, it’s safe to assume that either this attacker will move to other industry verticals or […]
What can I learn from the recent NSA breach to better protect my organization?
You have probably heard by now that NSA Contractor Reality Leigh Winner used her access to leak classified information to The Intercept. The news media is covering the political angles here but there’s an excellent story on Operational and Information Security (OPSec and InfoSec respectively) that’s being largely ignored and some valuable lessons to learn […]
The Cyber Defense Certainty Act, Active Defense or Hacking Back?
The Active Cyber Defense Certainty Act seeks to “…provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes“. The [draft] bill seems well intentioned but overly ambiguous, leaving a lot of room for abuse (and for other purposes […]
Breach confirmed by InterContinental Hotels affecting 12 of it’s properties
According to articles from ThreatPost and DataBreachToday, InterContinental Hotels has confirmed a breach in systems used at 12 of it’s properties and notes that the systems were infected between August and December of 2016. According to both reports, cards used at the front desk of the properties were not affected but that the malware searched […]
1 Million + Google Accounts Compromised
According to this article at Ars Technica and this one from Clark.com, attackers have compromised more than 1 million Google accounts using a new variant of the Ghost Push Android malware. The malware ‘roots‘ vulnerable devices to gain elevated access and then downloads and installs additional malware. What do we know? Based on the information […]
Information on 412 million accounts from FriendFinder published
According to this article from Threatpost, an attack on the FriendFinder network has left details on more than 400 million accounts exposed for sites including Adult FriendFInder, Penthouse.com and Stripshow.com and others. There’s a good bit of info in the linked ThreatPost and ClarkHoward.com articles but there were a couple of things that were glossed […]
Hacking back to defend against attacks. Good idea or Pandora’s box?
Following the recent attacks against DYN (and Krebs, OVH and others) by the Merai botnet, there has been chatter about ‘hacking back’ as a means of active defense. If you missed the story or aren’t really sure what happened, there’s a good video on it here from Threatwire to get you up to speed but, […]