PAX South 2016
So PAX South was pretty fun yesterday. I went with two other friends and I was glad we only did one day after getting tired out there.
Threat: Customer support leaking customer data in social engineering attacks.
Solution: Reduce the digital footprint of public personal information to limit access to information which can be used with customer service.
URL: http://arstechnica.com/security/2016/01/how-amazon-customer-service-was-the-weak-link-that-spilled-my-data/
This is an interesting article on how customer service can be targeted in social engineering attacks to give out your personal and financial information. In this case, the individual was targeted multiple times through Amazon customer support. The attacker used information obtained about the individual online and, after a series of online chats and phone calls, built up more personal information about the victim and ultimately obtained his financial information.
This is a difficult attack to defend against. The first and best defense is limiting the amount of online information available about yourself and your employees. As this victim did, it’s also important to follow up on any clues to potential breaches of your information. When a service allows it, using some form of two-factor authentication is also highly advisable.
Threat: Users targeted with malware in advertising
Solution: Utilize ad-blocking technology and/or implement other security measures such as disabling JavaScript by default
URL: http://www.engadget.com/2016/01/08/you-say-advertising-i-say-block-that-malware/
Specifically, in this threat the website Forbes asked users to disable ad blockers, but the ads served were found to contain malware. This particular instance is worse in my opinion than some, as the website owners asked users to disable what is quickly becoming a popular security option and then proceeded to serve users malware. While I like to support websites, it makes it difficult to do so when ad networks are not better vetted.
In a multi-layered approach, security professionals should keep their systems and plugins patched so that known exploits can’t be used on systems. As another layer of security, I also recommend turning off JavaScript by default and only enabling it on trusted websites. Unfortunately, in this case the website would normally be a trusted source, so full ad blocking through a proxy, software or other mechanism would be the only way to completely avoid exposing systems to the malware.
Threat: Cities face many risks from cyberattackers and the attacks are increasing.
Solution: Cities need to continue to catch up in cybersecurity and practice responses to cyberattacks.
URL: http://www.marketwatch.com/story/the-mind-boggling-risks-your-city-faces-from-cyber-attackers-2016-01-04
In the article, the author details the numerous threats and vulnerabilities in cities' infrastructure. For example, the city of San Diego uses 400 different applications, some of them decades old. With more and more systems exposed to the Internet through networks, these out-of-date systems are extremely vulnerable. Patching systems isn’t the only solution necessary.
In addition to updating software and policies, cities need to practice responses to cyberattacks. The article tells of one simulation where a city wasted 45 minutes waiting for an engineer to reach a computer. Cities need to know who handles what and have a plan for when they can’t reach a point of contact. Through this multi-layer approach, cities can better prepare for cyberattacks.