Cybersecurity Starter Pack for your Non-technical friends

https://victoria.dev/blog/your-cybersecurity-starter-pack/

5 Remote Work Trends to Watch For

Excellent article by Naveen Zutshi, CIO of Palo Alto Networks. In terms of security issues, he hit the nail on the head. I also agree that more cloud deployments will accelerate.

Episode 2 PRIVY Podcast

https://privy.simplecast.com/episodes/interview-with-terry-ziemniak-president-of-north-wonders

New Podcast – PRIVY – All things security and privacy

Tune in to our inaugural podcast “Privy” – All things security and privacy. privy.simplecast.com

Protecting Health IT infrastructure from DDoS Attacks

http://hitinfrastructure.com/news/protecting-health-it-infrastructure-from-ddos-attacks

This is the billion dollar question… If everyone throws in their $0.02, it will take just 50 billion of us to answer it.

SMS Should NOT be used for 2-factor authentication

https://www.appleworld.today/blog/2016/7/26/nist-sms-shouldnt-be-used-for-two-factor-authentication

DDoS Prevention and Response Best Practices

https://insights.sei.cmu.edu/sei_blog/2016/11/distributed-denial-of-service-attacks-four-best-practices-for-prevention-and-response.html?utm_source=LinkedIn&utm_medium=post&utm_campaign=SEI_general&utm_content=blog&utm_term=cert  

How to break into an iPhone and access contacts and photos

No, I’m not going to tell you all how I did it. I just wanted to tell you that I did it…wow. It was easy. Scary.

India Bans Rs 500 and Rs 1000 Notes In Bid to Reduce Money Laundering and Corruption

http://www.firstpost.com/india/rs-500-rs-1000-note-ban-narendra-modis-demonetisation-move-a-death-knell-to-hawala-trade-3101610.html

Very interesting. Cybersecurity professionals must have a solid understanding of fraud to understand the context of cybercrime. Technology is simply an enabler. Understanding motivation provides deeper insight and helps in predicting cybercrime trends and new attack vectors. Fraudsters and criminals are incredibly resilient and creative. I just wonder what types of solutions will […]

How Big Data Is Improving Cybersecurity

http://www.csoonline.com/article/3139923/security/how-big-data-is-improving-cyber-security.html

Big data and analytics are showing promise in improving cybersecurity. 90% of respondents to MeriTalk’s new U.S. government survey said they’ve seen a decline in security breaches, and 84% said they’ve used big data to help block these attacks. Not surprisingly, companies that are already heavy analytics users have a greater amount […]

Why HIPAA Needs An Update

http://www.fiercehealthcare.com/regulatory/why-hipaa-needs-update

Definitely needs an update. The original regulation was introduced in 1996. Very few experts or legislators could ever have envisioned ransomware and the sheer number of attack vectors. Also, passing legislation is never a clean process. Making laws is similar to making sausage. Neither process is pretty.

Anatomy of An Outage – DDoS Attack Against Dyn

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage

On 10/21, a DDoS attack via the Mirai malware was launched against Dyn, the internet infrastructure provider. The botnet used was apparently built on the backs of compromised IoT devices. Much of the attack traffic came from compromised digital video recorders (DVRs) and […]

Book Review – “The Hacked World Order” by Adam Segal

Excellent book by Adam Segal. The author provided a great overview of the current state of cybersecurity. Then he explored the details and history of the Internet, and the past and continuing cooperation between private and governmental entities. The author did an exceptional job of exploring the geopolitics of cybersecurity. Highly recommend. […]

Cybersecurity Insurance – Becoming a “Must Have”

Cybersecurity Insurance Becoming a Must-Have

Welcome to the brave new world of cybersecurity. A September survey by the Risk and Insurance Management Society found that 80% of the companies bought a stand-alone cybersecurity policy in 2016. The takeaway: Policies covering exclusively cyber exposures are now the norm for many large companies.

Medical Device Cybersecurity – Fuzz Testing

PDF Download of report

What is fuzz testing? Sounds like something a sweater manufacturer or stuffed toy maker might perform. Not really… Fuzz testing, or fuzzing, is a testing technique for locating unknown vulnerabilities and other defects by sending malformed and unexpected inputs to software and then analyzing how the software responds. In this […]
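To make the definition above concrete, here is a minimal mutation-based fuzzer in Python. It is an added example, not code from the report or from the original post. The record format, both parsers and the seed input are constructed for illustration: the fragile parser trusts a length field declared by the input and faults on records the hardened parser rejects cleanly, which is exactly the class of defect fuzzing is meant to surface.

```python
import random
import struct

# Constructed toy record format (not taken from any real device or the report):
#   1 byte type | 2 bytes big-endian payload length | payload | 1 byte checksum
# The checksum is the low byte of the sum of the payload bytes.


def make_record(rtype: int, payload: bytes) -> bytes:
    """Build a well-formed record; used as the fuzzer's seed input."""
    return struct.pack(">BH", rtype, len(payload)) + payload + bytes([sum(payload) & 0xFF])


def parse_record(data: bytes) -> dict:
    """Deliberately fragile parser: it trusts the declared length field."""
    if len(data) < 4:
        raise ValueError("record too short")
    rtype = data[0]
    length = struct.unpack(">H", data[1:3])[0]
    payload = data[3:3 + length]
    checksum = data[3 + length]  # IndexError when the declared length overstates the data
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": bytes(payload)}


def parse_record_hardened(data: bytes) -> dict:
    """Same format, but the declared length is validated against the actual record size."""
    if len(data) < 4:
        raise ValueError("record too short")
    length = struct.unpack(">H", data[1:3])[0]
    if len(data) != 4 + length:
        raise ValueError("declared length does not match record size")
    payload = data[3:3 + length]
    if sum(payload) & 0xFF != data[3 + length]:
        raise ValueError("bad checksum")
    return {"type": data[0], "payload": bytes(payload)}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, byte deletion or byte insertion."""
    data = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 2 and len(data) > 1:
        del data[rng.randrange(len(data))]
    else:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Mutation-based fuzzer. A ValueError is a graceful rejection and is ignored;
    any other exception is an unhandled fault. Returns {(exception type, message): input}
    so every distinct crash is kept together with one reproducing input."""
    rng = random.Random(rng_seed)  # fixed seed keeps the run reproducible
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue
        except Exception as exc:  # any other fault is a finding
            crashes.setdefault((type(exc).__name__, str(exc)), sample)
    return crashes


if __name__ == "__main__":
    seed = make_record(0x01, b"hello")
    for name, target in (("fragile", parse_record), ("hardened", parse_record_hardened)):
        found = fuzz(target, seed)
        print(f"{name}: {len(found)} distinct crash(es)")
        for (exc_type, msg), sample in found.items():
            print(f"  {exc_type}: {msg} <- {sample.hex()}")
```

Two design points carry over to real fuzzing: the fuzzer distinguishes expected rejections (here `ValueError`) from unhandled faults, otherwise every malformed input looks like a bug, and it stores a reproducing input for each distinct fault so the finding can be triaged and turned into a regression test.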

Hacking Elections Is Easy!

Link to Report

True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bone, decade old […]

Antivirus is dead; Long live antivirus!

Link to posting

Antivirus is dead; Long live antivirus! Or as the Romans would have said, “mortuus est antivirus; vivat antivirus!”. The Romans understood viruses very well…just not the computer kind. When the Romans besieged an enemy city or encampment, they would launch arrows that had been dipped in feces or in the corpses of animals or […]

Who Makes the IoT Things Under Attack?

Link to Posting

Interesting post on the Brian Krebs blog. We all had to expect that someone would think of this. IoT increases attack surfaces by many orders of magnitude. This is going to be very interesting… As always, feedback is welcome.

AWS Big Data Blog – September 2016

Link to posting

Some great posts and summaries relating to AWS technologies, etc.

HIPAA phase 2 audits are here. Are business associates ready?

Link to article

The United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has begun Phase 2 of its audit program. Phase 2 will address both Covered Entity and Business Associate compliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act of 1996 […]

“Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims”

Link to Description and PDF report

A brief by the ICIT. Very well written report on the motivations for stealing protected health information.

IRS Warns of a New Wave of Attacks Focused on Tax Professionals

Link to PDF Guide

The guide published by the IRS represents a preliminary and known set of risks. You have to keep in mind that threats always evolve. We recommend the attached guide as a first step. After you read the guide, contact Zakti Labs at [email protected] for an initial consultation. We will address your […]

Cybersecurity of Critical Infrastructure

Link to article

This is a great post about the cyber risks of critical infrastructure.

What I Luv About Southwest Airlines

I love flying Southwest Airlines. The service is excellent, the sense of humor, the great prices, the sheer number of destinations, and I respect the business model. My only pet peeve is that I always forget to check in 24 hours before my flight. My problem is that I always forget to check in and […]

print “Hello, World!”

<initiate compile and run code…hamster running on treadmill…code compiles and runs…> Hello, World! Well, we are finally up and running. It’s been an incredibly busy but interesting year. During this time we have completed assessments relating to data breaches, performed penetration tests, completed several fraud risk reviews, HIPAA risk analyses, and some very interesting audits. […]