Source: National Cyber Security – Produced By Gregory Evans Was it the whipping up of white working-class voters in Trump’s election campaign? Or the toxic debate around immigration during the Brexit referendum? Or was it as early as the birth of social media, when a platform was handed to racists? However it happened, public discourse […] View full post on AmIHackerProof.com
While the commercial aviation industry is struggling to even acknowledge threats to cybersecurity, the business aviation industry has already experienced attacks, according to Josh Wheeler, Satcom Direct director, entry into service.
“The attacks are happening while the aircraft is airborne,” Wheeler explained. “The attacks, just like the ones that corporations like Walmart have experienced, are most likely coming from the ground. The key point to remember is that if you can see the Internet when a passenger connects, then the Internet can see you. It’s not really about the satellite. The satellite is just the means to deliver Internet capabilities to the aircraft. In addition, there are security issues with the flight department, for example, any time an aircraft has an open Wi-Fi network operating in the cabin, there is a risk of hacking.”
Cybersecurity threats challenge one of business aviation’s greatest attributes: security of trade secrets from prying eyes. There is also the risk of hacking aboard commercial aircraft. In an attempt to get ahead of the issue, Satcom Direct (Booth H1214) is offering monitoring systems and classes in cybersecurity literacy.
“We saw a huge gap in security because there are certain assumptions made in aviation that, if you are flying, no one can touch you,” Wheeler told AIN. “We need to change the conversation. An IP is an IP and it is irrelevant where it is. Just because you are at altitude doesn’t mean you are safe. People have this huge disconnect. They don’t understand the components of the aircraft, and that creates the perfect storm. Corporate IT people don’t want to get involved because they think they are secure. Flight crews don’t know anything, so they think there is not a problem.”
Wheeler sees threat attempts daily, but he said that so far no one has quantified the threat, so there are no statistics on how many attacks there have been or what they were. “Once we started evaluating the traffic we were seeing daily attacks.”
It is not just business aviation passengers who are vulnerable, he added. If someone brings aboard an infected computer on a commercial flight and connects to an airline’s Wi-Fi system, an entire cabin can be compromised.
“So far there has not been a breach in aircraft systems or avionics,” he said. “We see phishing scams all the time where someone calls the flight department [and], in the interest of good customer service, employees reveal a lot of information that can be used to compromise the system. We’ve been pushing for years to develop awareness because a lot of folks don’t understand and that means there is no priority or focus on the problem. We see our courses as ice breakers, raising the issue and saying you need to be aware of the cybersecurity issues surrounding your travel.”
Wheeler went on to describe two inflight incidents aboard a Falcon 7X and a Gulfstream G550.
“One of our clients had a Windows-based maintenance laptop with a number of issues, including viruses,” Wheeler explained. “Likely through a virus, the attacker tried to obtain information such as log-ons to financial sites. Our threat-monitoring system pinpointed and caught the nefarious activity, which allowed us to alert the client, who removed the compromised machine, and the aircraft retained its integrity. This incident underscores the vigilance required with laptop security and keeping its antivirus up-to-date.”
Another client, after expressing skepticism of Satcom’s threat-monitoring service, was swayed. Within a few days of the customer’s signing up for the service, Satcom Direct “noticed a hack that attempted to exploit a vulnerability in a laptop’s outdated version of Adobe Reader to try and compromise the network,” Wheeler said. “Instantly three active viruses attacked that laptop. Our threat-monitoring system stopped these virus attacks and we let the client know. We were not privy to whether there were any additional consequences.”
In a recent attack on a customer, hackers tried to install a keylogger aimed at capturing passwords and user names for ecommerce and banking sites. In another incident, the guest of a client was connected to the Wi-Fi during a flight, and Satcom Direct’s threat-monitoring system detected malware originating from the guest’s laptop. The client was notified and the laptop was shut down.
He added, “A lot of the hacks have been financially driven, but…others just want to crash the system rather than extract information out of it.” The point, he said, is that users need to take precautions.
IF WE CAN DO IT, ANYONE CAN
Satcom Direct director of training Mark Mata agrees. “Something as innocent as opening an email or clicking on links, or even using an infected USB drive in a network computer can result in a serious breach,” he said, adding that the course offered by Satcom Direct is designed to inform end users about what to do and what not to do. “It’s surprising how little thought many of us give to cyber security in our day-to-day actions, but cyber attacks are on the increase. Human error has been identified as the leading cause of cybersecurity incidents, and end-user education is one of the top ways to prevent network infection.”
The company’s services include penetration testing to see which systems on board an aircraft are vulnerable.
“If we can get around their systems then others can too,” said Wheeler. “It is really no different than hacking a neighbor’s network. We identify holes and help the flight department remedy it. In-flight networks are vulnerable to the same network security threats as the home or office network.”
The company does cyber hygiene evaluations along with a security risk assessment and threat analysis and prevention. It also offers its own private network for use by companies that want to secure their communications, avoiding the public Internet and protecting end-user communications.
Wheeler explained what that looks like. “We do on-site risk assessments and address disconnects in understanding between corporate IT and flight departments. We assess the flight department and interview everyone from dispatchers, to pilots, to receptionists and maintenance personnel to teach them how to be aware that what may seem like an innocent phone call asking about their operation actually may be a phishing expedition.”
HOW TO SECURE THE ENVIRONMENT
Business aircraft have higher end equipment and more specialized routers than commercial aircraft. Still, that doesn’t mean they can’t be penetrated, Wheeler noted. So what can passengers do to ensure they are secure on board?
Passengers should have their own preflight checklist, advises Wheeler, including running virus scans and updating software before the flight. He also recommended updating malware and adware programs and seeking recommendations from the corporate IT department.
Then there is the obvious.
“Don’t have an easy password,” he said. “We have seen a lot of people who have 12345678 as their password. And don’t use your tail number as the password. We see that all the time. We’ve also seen people who have had a system they question and they haven’t addressed it and [the problem has] been in there for six months or more.
“Our primary concern is the integrity of our client’s systems. We use fact tactics not scare tactics by raising awareness. One of the biggest questions we ask is whether they use third-party companies and what those companies are doing to secure your information.”
The post Cyber-Security #Attacks Already #Happening in #Business #Aviation appeared first on National Cyber Security Ventures.
A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.
The group is not your regular spam botnet, but a top cyber-criminal operation known to security researchers as Cobalt, a hacking outfit that has targeted banks, ATM networks, and financial institutions for the past two years.
CVE-2017-11882 used by Cobalt hacking group
According to Reversing Labs, a UK-based cyber-security firm, the Cobalt group is now spreading RTF documents to high-value targets that are laced with exploits that take advantage of CVE-2017-11882.
This is a vulnerability in the Office Equation Editor component that allows an attacker to execute code on victims’ computers without user interaction.
You don’t need a grizzled veteran of the infosec community to tell you that a vulnerability with such results would be incredibly valuable for any cyber-criminal organization.
Besides the damage this vulnerability can do, Cobalt’s quick adoption of CVE-2017-11882 was most likely aided by the availability of four proof of concept (PoC) exploits that have been published online in the past week [1, 2, 3, 4].
According to Reversing Labs, the Cobalt group is currently sending emails laced with a booby-trapped RTF file that uses a CVE-2017-11882 exploit to download and run additional malicious files. The infection chain goes through multiple steps, but in the end it downloads and loads a malicious DLL file that has yet to be analyzed in more depth.
Proofpoint’s Matthew Mesa saw the same emails, but observed a slightly different exploitation chain.
Cobalt has jumped on Microsoft bugs before
As for the Cobalt group, they have a history of jumping on Microsoft bugs as soon as they’re disclosed and weaponizing them for their campaigns. The same thing happened with CVE-2017-8759, a remote code execution vulnerability that affected the .NET Framework, patched by Microsoft in the September 2017 Patch Tuesday.
Security firms first started documenting the Cobalt group in 2016, when it was spotted hitting ATMs and financial institutions across Europe. The group then spread to targets in the Americas, and later also targeted Russian banks, using the ex-Soviet space as a testing ground for new attacks, before it moved to more wealthy targets elsewhere.
The group’s most well-known malware family is Cobalt Strike, named after an eponymous commercial penetration testing software because it uses some of its components.
Patch now, before vulnerability is exploited en masse
As we’ve seen in the past, it doesn’t take too long for a vulnerability to trickle down from professional cyber-criminal groups to spam botnet herders once public PoCs are available.
Users should apply Windows updates KB2553204, KB3162047, KB4011276, and KB4011262, included in the November 2017 Patch Tuesday, to guard against CVE-2017-11882 exploitation.
The post A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug appeared first on National Cyber Security Ventures.
A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…
The post Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked? appeared first on National Cyber Security Ventures.
One hacker was already able to develop an iOS 9.3.3 jailbreak but he does not want to share the method and files to others who want to modify their version […] View full post on AmIHackerProof.com | Can You Be Hacked?
Even before the Obama administration issued guidance on how schools should treat transgender students, many were working to accommodate them in areas like pronoun use and facilities access.
View full post on Education Week: Bullying
The post Many Schools Already Accommodate Transgender Students – Rules for Engagement – Education Week appeared first on Parent Security Online.
SALT LAKE CITY — It’s tax season, which means it’s also identity theft season. According to the IRS, filing tax returns under someone else’s name is one of the biggest crimes they look for. “I’ve never been in the victim category before,” said Chris Wittner of Layton. Wittner tried to file his tax returns earlier this week. Then he found out that they had already been filed by someone else, who cashed a rebate check in his name for $3,500. “They completely made up my W2 figures, and they walked away with more than triple what I was going to get back anyway,” Wittner said. Wittner is not alone. The IRS stopped 4 million tax returns with stolen names last year, which equaled out to $8 billion in phony refunds. “It’s not comfortable being a statistic, you don’t ever think about it until it actually happens to you, and what’s frustrating is I can’t think of anything I could have done to prevent it,” Wittner said. The IRS said it only takes a few pieces of key information, like a birth date and social security number, and people can submit someone else’s returns. “If they made up a driver’s […]
The post When filing taxes Layton man find identity thief already claimed his return appeared first on National Cyber Security.
Think you might be in an exclusive relationship…but haven’t had “the talk?” These 19 signs show you’re definitely exclusive, without the dreaded DTR. Occasionally, when you’ve been dating someone for a while and haven’t had “the talk,” your fling can turn into a lot more without you even knowing. Read More….
The post 19 Sure Signs You’re in an Exclusive Relationship Already appeared first on Dating Scams 101.
For several years now, privacy advocates in the Middle East and North Africa have grappled with the impact of targeted surveillance technologies on various communities in their countries. These tools, sold by unscrupulous European companies to some of the world’s least democratic governments, have been increasingly used to spy on activists, often without any legal mandate. This summer’s Hacking Team leaks confirmed the extent to which the spyware industry has spiraled out of control. Often signed by the company’s CEO with fascist-era slogans, emails between the company and its government purchasers show that the company’s previous claims—that they don’t sell to repressive regimes—were bald faced lies. While the University of Toronto’s Citizen Lab had previously unearthed the sale of Hacking Team tools to some countries in the region, the leaks showed that the company’s reach is farther than previously imagined: Lebanon, Tunisia, Morocco, Egypt, Oman, Bahrain, Iraq, Saudi Arabia, Sudan, and the United Arab Emirates have all emerged as clients of Hacking Team at one time or another. Reactions from across the region vary from anger to utter rage. In a piece entitled, “Hacking Team: The company that spied on you during the revolution!” [fr], Tunisian group Nawaat shows that the […]
The post Hacking Team Leaks Confirm What Arab Privacy Advocates Already Knew appeared first on National Cyber Security.