Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Who Is Learning How to Take Down the Internet?

It was all over the news. A sustained DDoS attack that caused outages for a large number of Web sites Friday was launched with the help of hacked “Internet of Things” (IoT) devices. Jeff Jarmoc tweeted: "In a relatively short time we've taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters." True words, since there are now specialized worms that infect just IoT devices. 

Early Friday morning cyber criminals trained their DDoS attack on Dyn, an Internet infrastructure company that provides critical DNS technology services to major websites. The attack immediately created problems for Internet users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

Researchers discover new malicious IoT worm

Researchers at Rapidity Networks discovered a new malicious worm using Telnet that infects IoT devices using their insecure default credentials and uses a peer-to-peer network to install itself on vulnerable devices. It is rapidly spreading and at this time has likely topped 200,000 infections. The worm was dubbed Hajime and is similar to the Mirai malware, but it is unclear if Hajime is based on Mirai source code.

Is Security Making The Grade? What IT And Business Pros Really Think

Great joint survey by CSO, CIO and ComputerWorld, written up by Amy Bennett, which is excellent ammo to add to a budget request that needs to be approved by a C-level exec. Here's why:

"If you sense some discontent in how information security is handled in your company, you're not alone. Half of the 287 U.S.-based IT and business pros who responded to a recent survey from CSO and its sister sites CIO and Computerworld gave their organizations' security practices a grade of C or below.

IT Security Is A Protoscience, Think 19th Century Chemistry

So I get the Andreessen Horowitz newsletter. It has a topic called "Security is a protoscience (and more on 'so you want to work in security') - Michal Zalewski". I'm intrigued, so I click on it and I get a short blog post that lays it out pretty clearly. This is a cross-post of what he states, and I have to admit what Michal states rings true. You can discuss it on his blog.

Why does Kevin Mitnick recommend 20-character passwords?

The background is based on current state-of-the-art password cracking technology.

In short, hackers penetrate the network, get access to a domain controller and pull the file with all user names and passwords out.

Personal security cameras hacked, stream live on websites

Shocking video of people's private lives is streaming over the internet.

Hackers are able to easily tap into personal security cameras and stream them on websites for the world to see, and it can happen in a matter of 10 seconds. Most if not all the owners of these devices have no idea they are being watched.

It's happening in Tampa Bay and the ABC Action News I-Team found some video they should never be able to see. They recently interviewed KnowBe4 CEO Stu Sjouwerman in our Clearwater office. 

New Study Shows Your Apps Could Be Putting Your Personal Information At Risk

A recent study by Cloudlock, a cyber security company, revealed several popular apps that could allow hackers an easy gateway to access your personal information. 

Intel Thinks Antivirus Is Shit And Dumps Useless McAfee

Remember that in a gray past, Intel had an antivirus product called Intel LanDesk Virus Protect? Well, that Intel LanDesk Virus Protect got acquired by Symantec in 1998, and Intel must have thought "good riddance".

Apparently Intel's institutional knowledge got lost or was disregarded. Another CEO took the reins 12 years later and in 2010 surprised everyone by acquiring Symantec's arch-rival McAfee for over $7.6 billion, apparently expecting a lift from the hot security market. Well, that only happens when you buy the right product. The plan was to embed cybersecurity functionality on Intel chips, but that was never completed.

New KnowBe4 Survey: Ransomware Infections Double In Two Years

We have just released the first long-time study focusing on IT pros' experience with ransomware. In June 2016 we surveyed 1,138 companies in a variety of industries and compared your levels of concern about ransomware in 2014 to 2016. It's not a pretty picture.

InfoSec Analyst: "We Make People Suck At IT Security"

IT Security analyst Ben Tomhave calls himself an infosec obsessive and I admire his insightful analyses when they appear. This time he commented on the recent attacks that followed the Verizon Data Breach reports.

His blog post is an excellent perspective on the current state of security, and he broke it apart into three sections. The first is about the woes of patching and he nails it. The second is about people and I'll quote him here:
