11. September 2017 16:36 by GortSecurity
Hackers had access to Equifax's networks for three months, from May to July 2017. The information lost includes full names, addresses, birth dates, social security and driver's license numbers for up to 143 million people.
Additionally, Equifax has lost credit card numbers and payment details for over 209,000 of its customers.
It took Equifax five weeks to disclose the breach, during which time three senior executives sold almost $2 million worth of company stock before the news broke.
If you think you were pwn3d, here is a list of things you can do to help protect yourself. I would NOT subscribe to LifeLock, as it's an expensive sham. Everything LifeLock offers you can do yourself for free, or really cheap.
26. June 2017 08:27 by GortSecurity
in Breach, Security
The UK Parliament's email system was hit by a cyber-attack on Friday morning that compromised at least 90 email accounts belonging to members of parliament and their staff. The accounts breached were all protected by weak passwords. As a precaution, external access to the Parliament's email system has been shut off.
MP Henry Smith posted about the matter on Twitter...
The Commons Press Office released a statement regarding the incident on their Twitter feed.
22. June 2017 09:09 by GortSecurity
The NSA has created a GitHub account and 32 projects related to their work in cyber security.
Since Edward Snowden released gobs of NSA technology and information to the world in 2013, the agency has been slowly opening itself up. They created the GitHub account around the same time as the Snowden leaks and are now beginning to open-source their tools.
Not all of the projects are new, unknown tools. Some of them have been in the public domain for a while and are just now being opened up by the agency themselves.
Some of the more interesting NSA projects on GitHub:
Identifies unexpected and prohibited Certificate Authority certificates on Windows systems.
CONTROL FLOW INTEGRITY RESEARCH
A proposed hardware-based method for stopping known memory corruption exploitation techniques described in the “Hardware Control Flow Integrity for an IT Ecosystem” research paper.
An easy to use and portable Virtual Private Network system built with Linux and a Raspberry Pi 3.
Log-based transactional graph database engine backed by a single file. The primary use case is to support streaming seed set expansion, iterative correlation, and recursive file processing.
Verifies system integrity by establishing a baseline measurement of a system’s Trusted Platform Module (TPM) and monitors for changes in that measurement. Originally based on NSA’s Host Integrity at Startup (HIS) software.
A modular suite of “plug and play” services and capabilities, allowing organizations to customize the suite to meet their specific environments.
An Active Cyber Defense development framework enabling orchestration capabilities to be written once and then deployed across WALKOFF-enabled orchestration tools.
The NSA's Technology Transfer Program (TTP).
The NSA Technology Transfer Program (TTP) transfers NSA-developed technology to industry, academia, and other research organizations, benefitting the economy and the Agency mission. The program has an extensive portfolio of patented technologies across multiple technology areas. For a full listing of our patented technologies, please click on the following link: NSA Technologies Available to License
Cyber-crime is big business. The fact is that securing online systems can be terribly difficult. Software is complex and ensuring that there are no easily exploitable vulnerabilities in your online systems takes constant vigilance. Security testing alone won't protect you. Secure architecture alone won't protect you. Continuous static code analysis alone won't protect you. It takes all of the above and more.
You need security awareness across all facets of your business. You need security-aware software architects and developers, as well as security-aware product management, project management, SDLC management and C-level leadership. Indications are that these people will become more and more expensive and hard to find over the course of the foreseeable future.
Cyber-security labor crunch to hit 3.5 million unfilled jobs by 2021
"Every IT position is also a cybersecurity position now" according to the Cybersecurity Jobs Report, 2017. "Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people."
This article from September 2016 shows that the industry hit a zero-percent unemployment rate at that time, with over 1 million unfilled positions. That's actually a substantial negative unemployment rate. It's been almost a year since, and the demand is only rising.
This trend should be alarming to business owners and IT directors. If you are involved in IT then you should be building hiring and retention policies that will make you competitive in the security-focused job market. Cyber-security experts, developers and architects earning quite a bit more than their supervisors and managers is something we all need to get used to.