The 2018 NCC Cyber Symposium was an amazing success, with attendees coming from all across the US and abroad. Our team of ace speakers included Gen Michael Hayden, NIST guru Ron Ross, former FBI agent Don Freese and many others. So many of you have already been asking about the 2019 symposium and we’re excited to announce that we’ve selected the dates and tickets are available now at early bird and HUGE member discounts! So, reserve your calendars for Sept 19-20, 2019 and click here for more information and to reserve your place today!
Remember those pictures of hundreds of pallets of unused water sitting on a runway in Puerto Rico? It’s a tough picture of waste that’s repeated all too often when it comes to disaster relief. Well, there’s hope that new blockchain technology could help reduce waste, improve communications and enhance overall effectiveness of relief efforts. We think that’s pretty cool! According to the Defense Logistics Agency (DLA), blockchain technology has “enormous” potentialin helping to improve disaster relief efforts.
Historically, DLA tracks logistics via a centrally managed system, which can be cumbersome and hard to synchronize across all stakeholders. Whereas blockchain could allow the agency (and its partners) to better track data, improving supply chain transactions and in-transit visibility of shipments. Turn out DHS is so excited about the possibility of blockchain solutions that they are offering grants up to $800K for blockchain technology startups. Go blockchain!
https://cyber-center.org/wp-content/uploads/2018/08/anas-alshanti-169265-unsplash.jpg6311000cybercenterhttps://cyber-center.org/wp-content/uploads/2018/12/NCClogo_fullcolor_whiteletters_nobackground-1030x373.pngcybercenter2019-01-15 07:52:402019-01-21 07:54:01Blockchain to the Rescue?
Where’s Jackie Chan when you need him? Last week, a vulnerability on a high performance database known as MongoDB exposed the records of more than 202 million Chinese job-seekers. The records – accessible without authentication to anyone on the Internet – were discovered by one of the wonks at Hacken.io and HackenProof, a bug bounty platform. Though financial information apparently wasn’t at risk, the vulnerability did expose personal data such as name, birthdate, email addresses and driver’s license info. If only Jackie Chan was a trained cybersecurity expert. The bad guys wouldn’t have a chance.
A few months ago, we reported on a series of iPhone apps that had been created as fronts for advertising malware. Well, it happened again, only this time to Google. Last week, Google removed 85 apps from Google Play after discovering that they were pushing aggressive, full-screen ads to Android users. While ads during apps isn’t new or illegal (you know that since you play the free version of WWF or Fortnite), this is different.
Malicious adware bombards users with ads, making money for its makers but annoying the heck out of users, and ultimately damaging the brands that are unsuspectingly pushing ads to these platforms. The guys at Trend Microspotted the deviant apps, (like Easy Universal TV Remote, which was downloaded more than 5 million times), and reported the activity to Google who promptly removed them. It’s a good idea to use an antivirus application on your device and before you download anything, always check for anything suspicious and read the reviews. Note to self.
As the New Year kicks in, the cyber experts around the world are offering their predictions for 2019. Over the next few weeks, we’ll cover some of these as well as serve up a few of our own. For years, hackers have focused on stealing data that they could sell; things like personal information and intellectual property. But things are changing — an alarming trend recently has been the rise of attacks on infrastructure including manufacturing, energy and transportation. Looking ahead, it’s safe to say that we can expect these industrial cyber attacks to continue and even increase.
According to vArmour’s Mark Weatherford, “an Industrial Control System attack on the energy sector would geographically impact citizens in the United States. There is increasing evidence that foreign governments have been roaming around the networks of US energy companies, which is typically the kind of reconnaissance activity that precedes an attack. These attacks have happened in other countries yet there is still the misplaced mythology in many traditional energy companies that the control system environments and the common IT business environments are isolated from each other. It’s. A. Myth.”
No, the witches haven’t taken over. And we’re not talking about bullets here. In fact, we’re not even talking about the actual town of Salem. We’re talking about the massive online game “Town of Salem” that’s played by nearly 8 million people worldwide. Last week the popular browser-based online version of the classic party game “Mafia,” was hacked and its users data was compromised. Though credit card information seems to be safe, user data such as email addresses, usernames and hashed passwords were among the hijacked information. The makers of the game will be doing “hard resets” and requiring all users to input new passwords, just to be safe. Um, we should hope so.
https://cyber-center.org/wp-content/uploads/2018/12/NCClogo_fullcolor_whiteletters_nobackground-1030x373.png00cybercenterhttps://cyber-center.org/wp-content/uploads/2018/12/NCClogo_fullcolor_whiteletters_nobackground-1030x373.pngcybercenter2019-01-08 07:50:262019-01-21 07:50:50Town of Salem Under Attack! (sort of)
A few days ago, German media announced that it experienced its largest and most dangerous hack on German officials; including politicians, journalists and other public figures. Including German Chancellor Merkel. The government and the press immediately suspected several known cyber terrorist groups and went on the hunt. It turns out that the hacker was a local resident who was upset about recent political statements. It’s alarming that the data breach included sensitive information including phone numbers, private chats, credit card information and even home addresses and identity card numbers. It’s even more alarming that the hack was perpetrated by a 20 year old student with relatively little computer experience at all.
https://cyber-center.org/wp-content/uploads/2018/12/NCClogo_fullcolor_whiteletters_nobackground-1030x373.png00cybercenterhttps://cyber-center.org/wp-content/uploads/2018/12/NCClogo_fullcolor_whiteletters_nobackground-1030x373.pngcybercenter2019-01-08 07:49:372019-01-21 07:50:1720 Year-old Busted in Biggest Ever German Breach
Remember newspapers? Yeah well, believe it or not there are actually people that still read them. And apparently, there are other people that don’t like them. Like, at all. Over the weekend, a cyber-attacker took aim on the printing and delivery systems of a slew of news rags, including the LA Times, the Chicago Tribune and the Baltimore Sun.
The LA Times reported that the attack, which appeared to originate outside the US, caused distribution cancellations or delays for numerous papers that share its production facilities, including the Wall Street Journal. The only good news is that the attack was limited to production and did not compromise any sensitive customer data. Where’s Clark Kent when you need him?
Unless you’re living on another planet, you’ve probably heard about the new Netflix thriller Birdbox, featuring Sandra Bullock (and a scary monster you never actually see). Don’t tell us what happens — we haven’t seen it yet. But apparently, over 45 million people have. Unfortunately, the massive win for Netflix has been the perfect setup for the bad guys.
The FTC has issued a warning about a new phishing scam that targets Netflix customers and snatches up their payment information. The fake email looks like the real deal from Netflix and warns customers that their account is on hold due to billing issues. No matter how much you want to watch Mrs. Bullock, don’t do it! Netflix says it will never ask for personal information to be sent via email and suggest logging onto its website if you suspect that there might actually be a billing issue. Be safe. . . and watch out for the monsters!
In 1988, Ernest saved Christmas (just ask anyone born before 1975). Well, in 2018, the FBI did the job. Last week, the U.S. Justice Department announced that they had seized the domains of more than a dozen DDoS-for-hirewebsites. Basically, these sites rent out access to infected devices or networks, allowing them to be exposed to denial-of-service (DDoS) attacks, disrupting user access. In the past few years, hackers have ruined Christmas Day for millions of gamers by holding the likes of PlayStation & Xbox hostage using massive DDoS attacks. Fortunately, this year the FBI was on the lookout. And 15 year-olds around the world thank you.
Register Now! 2019 Cyber Symposium Sept 19-20
CyberBriefThe 2018 NCC Cyber Symposium was an amazing success, with attendees coming from all across the US and abroad. Our team of ace speakers included Gen Michael Hayden, NIST guru Ron Ross, former FBI agent Don Freese and many others. So many of you have already been asking about the 2019 symposium and we’re excited to announce that we’ve selected the dates and tickets are available now at early bird and HUGE member discounts! So, reserve your calendars for Sept 19-20, 2019 and click here for more information and to reserve your place today!
Blockchain to the Rescue?
CyberBriefRemember those pictures of hundreds of pallets of unused water sitting on a runway in Puerto Rico? It’s a tough picture of waste that’s repeated all too often when it comes to disaster relief. Well, there’s hope that new blockchain technology could help reduce waste, improve communications and enhance overall effectiveness of relief efforts. We think that’s pretty cool! According to the Defense Logistics Agency (DLA), blockchain technology has “enormous” potentialin helping to improve disaster relief efforts.
Historically, DLA tracks logistics via a centrally managed system, which can be cumbersome and hard to synchronize across all stakeholders. Whereas blockchain could allow the agency (and its partners) to better track data, improving supply chain transactions and in-transit visibility of shipments. Turn out DHS is so excited about the possibility of blockchain solutions that they are offering grants up to $800K for blockchain technology startups. Go blockchain!
Talk About Getting Shanghai-ed
CyberBriefWhere’s Jackie Chan when you need him? Last week, a vulnerability on a high performance database known as MongoDB exposed the records of more than 202 million Chinese job-seekers. The records – accessible without authentication to anyone on the Internet – were discovered by one of the wonks at Hacken.io and HackenProof, a bug bounty platform. Though financial information apparently wasn’t at risk, the vulnerability did expose personal data such as name, birthdate, email addresses and driver’s license info. If only Jackie Chan was a trained cybersecurity expert. The bad guys wouldn’t have a chance.
Google Takes Down 80+ Fake Apps
CyberBriefA few months ago, we reported on a series of iPhone apps that had been created as fronts for advertising malware. Well, it happened again, only this time to Google. Last week, Google removed 85 apps from Google Play after discovering that they were pushing aggressive, full-screen ads to Android users. While ads during apps isn’t new or illegal (you know that since you play the free version of WWF or Fortnite), this is different.
Malicious adware bombards users with ads, making money for its makers but annoying the heck out of users, and ultimately damaging the brands that are unsuspectingly pushing ads to these platforms. The guys at Trend Microspotted the deviant apps, (like Easy Universal TV Remote, which was downloaded more than 5 million times), and reported the activity to Google who promptly removed them. It’s a good idea to use an antivirus application on your device and before you download anything, always check for anything suspicious and read the reviews. Note to self.
Looking Ahead: Energy Infrastructure
CyberBriefAs the New Year kicks in, the cyber experts around the world are offering their predictions for 2019. Over the next few weeks, we’ll cover some of these as well as serve up a few of our own. For years, hackers have focused on stealing data that they could sell; things like personal information and intellectual property. But things are changing — an alarming trend recently has been the rise of attacks on infrastructure including manufacturing, energy and transportation. Looking ahead, it’s safe to say that we can expect these industrial cyber attacks to continue and even increase.
According to vArmour’s Mark Weatherford, “an Industrial Control System attack on the energy sector would geographically impact citizens in the United States. There is increasing evidence that foreign governments have been roaming around the networks of US energy companies, which is typically the kind of reconnaissance activity that precedes an attack. These attacks have happened in other countries yet there is still the misplaced mythology in many traditional energy companies that the control system environments and the common IT business environments are isolated from each other. It’s. A. Myth.”
Town of Salem Under Attack! (sort of)
CyberBriefNo, the witches haven’t taken over. And we’re not talking about bullets here. In fact, we’re not even talking about the actual town of Salem. We’re talking about the massive online game “Town of Salem” that’s played by nearly 8 million people worldwide. Last week the popular browser-based online version of the classic party game “Mafia,” was hacked and its users data was compromised. Though credit card information seems to be safe, user data such as email addresses, usernames and hashed passwords were among the hijacked information. The makers of the game will be doing “hard resets” and requiring all users to input new passwords, just to be safe. Um, we should hope so.
20 Year-old Busted in Biggest Ever German Breach
CyberBriefA few days ago, German media announced that it experienced its largest and most dangerous hack on German officials; including politicians, journalists and other public figures. Including German Chancellor Merkel. The government and the press immediately suspected several known cyber terrorist groups and went on the hunt. It turns out that the hacker was a local resident who was upset about recent political statements. It’s alarming that the data breach included sensitive information including phone numbers, private chats, credit card information and even home addresses and identity card numbers. It’s even more alarming that the hack was perpetrated by a 20 year old student with relatively little computer experience at all.
Major Newspapers Hacked
CyberBriefRemember newspapers? Yeah well, believe it or not there are actually people that still read them. And apparently, there are other people that don’t like them. Like, at all. Over the weekend, a cyber-attacker took aim on the printing and delivery systems of a slew of news rags, including the LA Times, the Chicago Tribune and the Baltimore Sun.
The LA Times reported that the attack, which appeared to originate outside the US, caused distribution cancellations or delays for numerous papers that share its production facilities, including the Wall Street Journal. The only good news is that the attack was limited to production and did not compromise any sensitive customer data. Where’s Clark Kent when you need him?
Netflix, Birdbox & Email Scams
CyberBriefUnless you’re living on another planet, you’ve probably heard about the new Netflix thriller Birdbox, featuring Sandra Bullock (and a scary monster you never actually see). Don’t tell us what happens — we haven’t seen it yet. But apparently, over 45 million people have. Unfortunately, the massive win for Netflix has been the perfect setup for the bad guys.
The FTC has issued a warning about a new phishing scam that targets Netflix customers and snatches up their payment information. The fake email looks like the real deal from Netflix and warns customers that their account is on hold due to billing issues. No matter how much you want to watch Mrs. Bullock, don’t do it! Netflix says it will never ask for personal information to be sent via email and suggest logging onto its website if you suspect that there might actually be a billing issue. Be safe. . . and watch out for the monsters!
The FBI Saves Christmas
CyberBriefIn 1988, Ernest saved Christmas (just ask anyone born before 1975). Well, in 2018, the FBI did the job. Last week, the U.S. Justice Department announced that they had seized the domains of more than a dozen DDoS-for-hirewebsites. Basically, these sites rent out access to infected devices or networks, allowing them to be exposed to denial-of-service (DDoS) attacks, disrupting user access. In the past few years, hackers have ruined Christmas Day for millions of gamers by holding the likes of PlayStation & Xbox hostage using massive DDoS attacks. Fortunately, this year the FBI was on the lookout. And 15 year-olds around the world thank you.