now browsing by tag
Source: National Cyber Security – Produced By Gregory Evans Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2019-15625PUBLISHED: 2020-01-18 A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim’s memory processes to extract sensitive information. CVE-2019-19696PUBLISHED: 2020-01-18 A RootCA vulnerability found in Trend […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans It started out like any other online loan. Notre Dame Federal Credit Union reviewed the application. It did the necessary background checks, and authenticated the applicant’s credit score and background. But it wasn’t until a group of borrowers in Missouri abruptly stopped making payments that the […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Less than 10% of enterprise email domains are protected from spoofing — is yours?
Source: National Cyber Security – Produced By Gregory Evans Flaws in email security are among the leading causes of cybersecurity incidents for many organizations. Whether it’s ransomware, business email compromise (BEC) attacks, or a spear-phishing email that leads to cyber criminals gaining access to sensitive data, email is the common denominator. While there are many […] View full post on AmIHackerProof.com
The US government has echoed concerns from the cybersecurity industry that Iranian state hackers could respond to the assassination of a top Tehran general with attacks on US critical infrastructure (CNI).
Widely considered the second most powerful man in Iran, Qassem Suleimani was killed by a US drone strike in Baghdad on Friday.
Military and political leaders in the country have warned of retribution, while signs posted along the vast funeral procession today are reported to have read: “Harsh revenge is awaiting.”
The Department for Homeland Security (DHS) has duly issued an alert warning of a terror threat on home soil, although it admitted “at this time we have no information indicating a specific, credible threat to the homeland.”
However, an attack could come with little or no warning, with cyber a likely vector, it said.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of US- based targets,” the notice continued.
“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
On Saturday, the website of the government-run American Federal Depository Library Program (FDLP) was defaced with an image of a bloodied Donald Trump. Industry experts believe things could escalate even further.
John Hultquist, director of intelligence analysis at FireEye, warned of an uptick in cyber-espionage against government entities, designed to give Tehran a geopolitical advantage, and destructive attacks on CNI.
“Iran has leveraged wiper malware in destructive attacks on several occasions in recent years. Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations,” he added.
“We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”
#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
The post #infosec | US Braced for Cyber Retaliation from Iran appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans My family recently saw “Star Wars: The Rise of Skywalker” in a local movie theater, and we were not disappointed. The characters, action, plot, and almost everything else we experienced, met or exceeded our high expectations. As we were leaving the theater, almost everyone had an […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Israeli Prime Minister Netanyahu seeks immunity from prosecution By Jean Shaoul 4 January 2020 Prime Minister Benjamin Netanyahu has announced that he will officially request that the Knesset (parliament) grant him immunity from prosecution in the three corruption cases he faces, a move aimed at […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans US Department of Homeland Security building, Washington DC AFP via Getty Images In December 2019, the U.S. government issued indictments against two Chinese hackers who were allegedly involved in a multi-year effort to penetrate the systems of companies managing data and applications for customers via the […] View full post on AmIHackerProof.com
It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community.
To finish the year off, I wanted to look back on some of my personal favorites. I’ve tried to include a mixture of different styles, topics and authors. If you haven’t already, have a read of the 10 State of Security blog posts below and sign up to our daily feed here.
BlueKeep (CVE- 2019-0708) was big news in 2019. The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the Eternal Blue vulnerability to spread widely in 2017. As with WannaCry, many organizations were vulnerable to this exploit, especially those who use operating systems like Windows XP. In this blog, ICS security expert, Gary DiFazio looks at the impact this vulnerability has on the ICS environment and provides some tips to help users stay secure.
Read the full blog here.
It’s almost 2020, and phishing attacks still don’t show any sign of slowing down. In this blog, David Bisson looks at six of the most common methods of phishing attacks and then provides useful tips for readers on how they can protect themselves. Also, this blog is complemented by some great graphics to share with your colleagues, family and friends.
Read the full blog on the (Read more…)
The post #cybersecurity | #hackerspace |<p> The Top 10 State of Security Blog Posts from 2019 <p> appeared first on National Cyber Security.
View full post on National Cyber Security