Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is limited to periodic vulnerability and compliance […]
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
I recently finished the book “Traction” by Gino Wickman. Next to Scaling-Up by Verne Harnish, I think it is one of the most actionable business books I’ve ever read. Our team has informally adopted both books as part of the risk3sixty cannon. While the book is largely about building a great running business – […]
Security Researchers Identify Critical Vulnerabilities in AMD Chips: Chimera, Ryzenfall, Masterkey and Fallout
Critical Vulnerabilities in AMD Chips
Security researchers at CTS-Labs, based out of Israel, disclosed 13 critical vulnerabilities and backdoors in certain AMD chips used in workstations, laptops and servers. Successful exploitation of these vulnerabilities could grant deep system access to attackers from which they could launch malware attacks undetected.
The vulnerabilities are four in name:
1 | Chimera – Two sets of backdoors in […]
Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors.
The problem for most organizations trying to build an information security […]
On February 21, 2018, the SEC issued new guidance on cybersecurity disclosures for public companies. As an “interpretive release,” the new guidance interprets existing laws. In this case, the SEC has clarified the statutes that may affect reporting of cybersecurity risks and incidents. The guidance also addresses various costs and consequences of cybersecurity […]
They Petya Ransomeware outbreak is the second such global attack in the last couple of month. The malware is spreading using same Microsoft Windows vulnerability that was exploited by the recent WannaCry ransomware event.
A major cyberattack took place this past week. The attack impacted organizations in over 100 counties including the British National Health Service, FedEx, Spanish telecom company, Telefónica, and multiple universities in Asia.
The culprit is the Wannacry ransomware worm. The worm is most commonly introduced through infected email. When the user clicks on the infected attachment, the malware starts running and propagates […]
Until recently the security concerns associated with IoT devices have been mostly speculative. It’s easy to ignore how a webcam or a inexpensive gadget might be a cyber-security concern. Most people don’t think in terms of […]
Recently I was asked by a CIO to think of and execute a simple attack at a manufacturing facility as part of an ongoing initiative to enhance cyber security awareness. I’m not at all a penetration tester or ethical hacker, but there are a few very simple “attacks” that almost anyone can execute.
In this instance I will describe how you can […]