Cybersecurity Starter Pack for your Non-technical friends
https://victoria.dev/blog/your-cybersecurity-starter-pack/
October 23, 2020
5 Remote Work Trends to Watch For
Excellent article by Naveen Zutshi, CIO of Palo Alto Networks. In terms of security issues, he hit the nail on the head. I also agree that more cloud deployments will accelerate.
April 28, 2020
Episode 2 PRIVY Podcast
https://privy.simplecast.com/episodes/interview-with-terry-ziemniak-president-of-north-wonders
April 20, 2020
New Podcast – PRIVY – All things security and privacy
Tune in to our inaugural podcast “Privy” – All things security and privacy. privy.simplecast.com
April 14, 2020
Protecting Health IT infrastructure from DDoS Attacks
http://hitinfrastructure.com/news/protecting-health-it-infrastructure-from-ddos-attacks This is the billion dollar question… If everyone throws in their $0.02 it will take just 50 billion of us to answer this question.
January 3, 2017
SMS Should NOT be used for 2-factor authentication
https://www.appleworld.today/blog/2016/7/26/nist-sms-shouldnt-be-used-for-two-factor-authentication
December 19, 2016
DDoS Prevention and Response Best Practices
https://insights.sei.cmu.edu/sei_blog/2016/11/distributed-denial-of-service-attacks-four-best-practices-for-prevention-and-response.html?utm_source=LinkedIn&utm_medium=post&utm_campaign=SEI_general&utm_content=blog&utm_term=cert
December 4, 2016
How to break into an iPhone and access contacts and photos
No I’m not going to tell you all how I did it. I just wanted to tell you that I did it…wow. It was easy. Scary.
November 17, 2016
India Bans Rs 500 and Rs 1000 Notes In Bid to Reduce Money Laundering and Corruption
http://www.firstpost.com/india/rs-500-rs-1000-note-ban-narendra-modis-demonetisation-move-a-death-knell-to-hawala-trade-3101610.html Very interesting. Cybersecurity professionals must have a solid understanding of fraud to understand the context of cybercrime. Technology is simply an enabler. Understanding motivation provides a deeper understanding and helps in predicting cybercrime trends and new attack vectors. Fraudsters and criminals are incredibly resilient and creative. I just wonder what types of solutions will […]
November 12, 2016
How Big Data Is Improving Cybersecurity
http://www.csoonline.com/article/3139923/security/how-big-data-is-improving-cyber-security.html Big data and analytics are showing promise in improving cyber security. 90% of respondents from MeriTalk’s new U.S. government survey said they’ve seen a decline in security breaches. 84% of respondents said they’ve used big data to help block these attacks. Not surprisingly, companies that are already heavy analytics users have a greater amount […]
November 10, 2016
Why HIPAA Needs An Update
http://www.fiercehealthcare.com/regulatory/why-hipaa-needs-update Definitely needs an update. The original regulation was introduced in 1996. Very few experts or legislators could ever envision ransomware and the sheer number of attack vectors. Also, passing legislation is never a clean process. Making laws is similar to making sausage. Neither process is pretty.
November 6, 2016
Anatomy of An Outage – DDoS Attack Against Dyn
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage On 10/21, a DDoS attack via the Mirai malware was launched against Dyn, the internet infrastructure provider. Apparently the botnet used is built on the backs of attacked IoT devices. Much of the attack involved the use of products consisting of compromised digital video recorders (DVRs) and […]
October 29, 2016
Book Review – “The Hacked World Order” by Adam Segal
Excellent book by Adam Segal. The author provided a great overview of the current state of cybersecurity. Then, he explored the details surrounding the history of the Internet, and the past and continuing cooperation between private and governmental entities. The author did an exceptional job in exploring the geopolitics of cybersecurity. Highly recommend. […]
October 14, 2016
Cybersecurity Insurance – Becoming a “Must Have”
Cybersecurity Insurance Becoming a Must-Have Welcome to the brave new world of cybersecurity. A September survey by the Risk and Insurance Management Society found that 80% of the companies bought a stand-alone cybersecurity policy in 2016. The takeaway: Policies covering exclusively cyber exposures are now the norm for many large companies.
October 13, 2016
Medical Device Cybersecurity – Fuzz Testing
PDF Download of report What is fuzz testing? Sounds like something a sweater manufacturer or stuffed toy maker might perform. Not really… Fuzz testing or fuzzing is a testing technique for locating unknown vulnerabilities and other defects by sending malformed and unexpected inputs to software. Then the responses of the software are analyzed. In this […]
October 5, 2016
Hacking Elections Is Easy!
Link to Report True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bones, decade-old […]
October 5, 2016
Antivirus is dead; Long live antivirus!
Link to posting Antivirus is dead; Long live antivirus! Or as the Romans would have said, “mortuus est antivirus; vivat antivirus!”. The Romans understood viruses very well…just not the computer kind. When the Romans besieged an enemy city or encampment, they would launch arrows that were dipped in feces and dipped in corpses of animals or […]
October 4, 2016
Who Makes the IoT Things Under Attack?
Link to Posting Interesting post on the Brian Krebs blog. We all had to expect that someone would think of this. IoT increases attack surfaces by many orders of magnitude. This is going to be very interesting… As always, feedback is welcome.
October 4, 2016
AWS Big Data Blog – September 2016
Link to posting Some great posts and summaries relating to AWS technologies, etc.
October 4, 2016
HIPAA phase 2 audits are here. Are business associates ready?
Link to article The United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has begun Phase 2 of its audit program. Phase 2 will address both Covered Entity and Business Associate compliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act of 1996 […]
October 4, 2016
“Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims”
Link to Description and PDF report A brief by the ICIT. Very well written report on the motivations for stealing protected health information.
October 3, 2016
IRS Warns of a New Wave of Attacks Focused on Tax Professionals
Link to PDF Guide The guide published by the IRS represents a preliminary and known set of risks. You have to keep in mind that threats always evolve. We recommend the attached guide as a first step. After you read the guide, contact Zakti Labs at [email protected] for an initial consultation. We will address your […]
October 3, 2016
Cybersecurity of Critical Infrastructure
Link to article This is a great post about the cyber risks of critical infrastructure.
September 29, 2016
What I Luv About Southwest Airlines
I love flying Southwest Airlines. The service is excellent, the sense of humor, the great prices, the sheer number of destinations, and I respect the business model. My only pet peeve is that I always forget to check in 24 hours before my flight. My problem is that I always forget to check in and […]
September 29, 2016
print “Hello, World!”
<initiate compile and run code…hamster running on treadmill…code compiles and runs…> Hello, World! Well, we are finally up and running. It’s been an incredibly busy but interesting year. During this time we have completed assessments relating to data breaches, performed penetration tests, completed several fraud risk reviews, HIPAA risk analyses, and some very interesting audits. […]
September 29, 2016