Blog - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

Here we had a situation where an attacker could easily control moving parts within a car from a remote location. Another example also from Context Security was the vulnerability in CloudPets talking (and listening ) teddy bears that amounted to no auth on the Bluetooth allowing an attacker to take control of the toy.

IoT

IoT Firmware Risk Manufacturing

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

Malwarebytes

JUNE 1, 2021

This blog post was authored by Hossein Jazi. The structure and TTPs used in these recent activities align with what has been reported in KISA’s report. Command and Control infrastructure. Kimsuky reuses some of its phishing infrastructure for its command and control communications. Victimology.

Government

Government Phishing Encryption Media

Why HYAS? The Secret to Cybersecurity Lies in Interrupting and Updating Causation Chains

Security Boulevard

JUNE 28, 2023

HYAS has a unique approach to cybersecurity and ultimately business resiliency: analyzing data aggregated from private and commercial sources around the world to identify telltale patterns left by malicious actors that enables a mapping from what has happened, to what is happening, and what will happen. I'm glad you asked.

Cybersecurity

Cybersecurity DNS Ransomware Malware

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

Gartner Security & Risk Management Summit 2018 Trip Report

Thales Cloud Protection & Licensing

JUNE 19, 2018

I know you’re thinking, what about “GDPR”? It wasn’t just a depressing litany of new attack vectors, script kiddie tools and Korean hacker nightmare scenarios, but a very sensible approach of controlling risk. They looked at “risk” through analogies, and spoke about what can be controlled and what can’t.

Risk

Risk Digital transformation IoT Firewall

Cyber Adversary Infrastructure, Explained

Security Boulevard

MAY 24, 2023

Stopping attacks early enough in the kill chain requires both the visibility into this communication combined with a strong understanding of what is, and isn’t, adversary infrastructure. What Is Cyber Adversary Infrastructure? Even new malwareless attacks require external communication with adversary infrastructure.

Cyber Attacks

Cyber Attacks Phishing Cyber threats Malware

Using LoRa as a Side Channel

LRQA Nettitude Labs

APRIL 19, 2023

Features of LoRa include media access controls and the encryption transmissions. LoRa is currently being used to provide status and control of devices in remote or inconvenient locations, such as windmills, solar panels and farm watering systems. It can be powered by a USB-C cable for in-the-field deployment or a wall outlet.

Penetration Testing

Penetration Testing Firmware IoT Authentication

The bad old days

Javvad Malik

NOVEMBER 12, 2021

We only had Infosec Europe and the most we got out of there was some free USB sticks… If we were lucky they would be 500 megs. Back then No one knew what secops was all about… There was none of this cyber malarkey we see nowadays. Not even IT in general new what we did. A lotta things have changed since those days.

Passwords

Passwords InfoSec Encryption Accountability

The GDPR, Year II

McAfee

MAY 26, 2020

The only thing left to consider is to what extent the EU Commission will issue an adequacy decision in favour of the UK. Data breaches are not limited to the ones resulting from hackers, but also by a simple data loss such as a corporate USB stick. The post The GDPR, Year II appeared first on McAfee Blogs.

Antivirus

Antivirus VPN Risk Software

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

Okay, that’s not what I thought an astronomer does. But what does the day to day look like for the average pentester? Vamosi: You’ve undoubtedly seen Kim Crawly’s work; her byline appears on a number of blogs from a number of different outlets. Which brings up a very basic question: What exactly is pentesting?

Penetration Testing

Penetration Testing InfoSec Cyber Attacks Education

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

Okay, that’s not what I thought an astronomer does. But what does the day to day look like for the average pentester? Vamosi: You’ve undoubtedly seen Kim Crawly’s work; her byline appears on a number of blogs from a number of different outlets. Which brings up a very basic question: What exactly is pentesting?

Penetration Testing

Penetration Testing InfoSec Cyber Attacks Education

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. What is OT vs. IT? What happens when a business makes the strategic decision to NOT converge their IT and OT operations? These often use proprietary network protocols and lack basic security controls like authentication or encryption.

Energy and Utilities

Energy and Utilities Manufacturing Threat Detection Technology

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Slax - Starting to take it seriously What had started off as a “quick small thing” for single assessment, had started to gain traction. This was at a time when CD-R were at their peak, giving you 650-700 MB and USB media was not yet on the scene. There was then a shift to “Live-Boot” (either CDs or USBs).

InfoSec

InfoSec Penetration Testing Architecture Software

Land Securely on Regulatory Compliance with Thales Luna HSMs

Thales Cloud Protection & Licensing

DECEMBER 12, 2019

Security best practices for encryption key storage, management and protection is critical to protecting valuable data wherever it is located, but implementing the security requirements needed by your organization as well as those of regulatory governing and audit bodies can be a challenge. What is FIPS 140-2 Level 3 Certification?

Firmware

Firmware Backups Encryption Authentication

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

After hearing a talk, a Dallas-based hacker set out to find out what was going on inside the smart meter attached to his home, and what he found was surprising. Vamosi: Beginning over a decade ago, in an effort to deal with global warming, countries around the world push to adopt emission control regulations.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

Finally, True Unified Multi-Vector Data Protection in a Cloud World

McAfee

DECEMBER 21, 2020

What if they upload sensitive corporate data to a less than secure cloud service? What if employees use their personal devices to download company email content or Salesforce contacts? UCE Protects Against Multiple Data Exfiltration Vectors. Exfiltration to High Risk Cloud Services. Exfiltration from sanctioned cloud services.

Accountability

Accountability Digital transformation Risk Encryption

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Malwarebytes

MAY 9, 2023

Depending on the campaign, attackers managed to exfiltrate snapshots, USB drives, keyboard strokes, and microphone recordings. Military, transportation and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums. That file will drop two files named iesync.so

Surveillance

Surveillance Accountability DNS Encryption

How to Evaluate the True Costs of Multi-Factor Authentication

Duo's Security Blog

JANUARY 27, 2022

With Duo, we were able to bring consistent security controls across all of our apps by streamlining to one MFA and SSO solution at a much lower total cost of ownership…. The simple subscription-based pricing is easy to manage and we know exactly what we are getting.”

Authentication

Authentication Software Mobile Passwords

Cyber Security Informer

IoT Unravelled Part 3: Security

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

Webinars

Trending Sources

Why HYAS? The Secret to Cybersecurity Lies in Interrupting and Updating Causation Chains

Webinars

Gartner Security & Risk Management Summit 2018 Trip Report

Cyber Adversary Infrastructure, Explained

Using LoRa as a Side Channel

The bad old days

The GDPR, Year II

The Hacker Mind Podcast: So You Want To Be A Pentester

The Hacker Mind Podcast: So You Want To Be A Pentester

Preparing for IT/OT convergence: Best practices

Happy 10th anniversary & Kali's story.so far

Land Securely on Regulatory Compliance with Thales Luna HSMs

The Hacker Mind Podcast: Reverse Engineering Smart Meters

Finally, True Unified Multi-Vector Data Protection in a Cloud World

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

How to Evaluate the True Costs of Multi-Factor Authentication

Stay Connected