Trump and NATO May Not be on the Same Page

14 July 2017 in Digital Download

Trump and NATO May Not be on the Same Page

NATO said this week it will be extending cybersecurity help to the Ukrainian government. It’s in response to the wake of the June malware attacks that disrupted private and public sector institutions in the country, including banks and Ukrainian government agencies. Meanwhile, Trump tweeted after his G20 meeting with Putin that he’d discussed “forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded and safe.” Either Trump is major denial about Russia’s activities, or he is employing the same strategy I use when I give the sketchy looking guy downtown $5 to “keep an eye on my car”. Read more >

Running Against Trump is Now an Indicator of Compromise

In other Russian hacking news, which I am sure has absolutely no connection to Trump and Putin’s meeting (see above), a Twitter account tied to a Russian hacking group posted a message Wednesday that alleges Ukrainian government officials and businessmen laundered money and sent it to Hillary Clinton by making donations to the Clinton Foundation. It’s all these backroom deals by both parties with the Ukraine and Russia that makes you really miss the USSR. The Olympics were more compelling, and the ever-present threat of nuclear annihilation really helped you appreciate the little things. Those were the days! Read more >

Turns Out it Wasn’t a Hard Worker With a Killer Commute

Data breaches at both Hard Rock Hotels & Casinos and Loews Hotels were reported this week. For seven months, attackers had unauthorized access to a third-party reservation system, which allowed them to attain unencrypted credit card payment information, as well as guest names, addresses, and phone numbers. According to the report, the threat actor gained access to a used unnamed user’s account credentials to access and then exfiltrate data. A Sabre employee, who wishes to remain anonymous (because I made him up), said “In hindsight, maybe we should have been suspicious when that guy from accounting logged in from China every night.” Read more >

Can you hack me now?

Verizon reported a recent data breach that affected millions of customer accounts. Data on "as many as 14 million" Verizon customers was readily available to download after an employee at Nice Systems left them on an unsecured Amazon server. "As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access," a Verizon spokesperson told CNBC on Wednesday. When asked for comment, the employee said, “I’m so disappointed this happened – I knew I should have stayed at Sabre.” Read more >

To Err to Use a Proxy is Human

A man in Pennsylvania who had been sentenced to one year and one day in prison, said he was just being a jerk when he logged into base stations owned by his ex-employer that controls access to smart water meters and disrupted the business of municipal water utilities across three states. (His interview and confession are a great read: https://regmedia.co.uk/2017/06/26/flanagan.pdf). This is a good example of how policy can protect an organization. I don’t mean a “don’t hire jerks policy” – too many people would be unemployed. In this case, it would have made sense to have individual access credentials that are disabled when an employee is terminated. The other lesson here is for those people that are vindictive, if you can’t learn to forgive and forget, at least learn to mask your IP. Read more >