I found this awesome infographic from Akamai and I wanted to talk about it a bit because, while the infographic itself is awesome, what it represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work, but they only… Continue reading Why SQL Injection is Inexcusable
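As an added illustration (not part of the original post or the Akamai material), here is the gap the post is pointing at, in Python against an in-memory SQLite table constructed for the example: the same login check written with string concatenation and with a parameterized query, fed the same classic tautology payload. The table name, column names and sample rows are made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """String-concatenated query: the caller's input becomes part of the SQL text,
    so quote characters in the input change the statement's structure."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Parameterized query: the driver binds the values after the statement is
    parsed, so the input is only ever compared as data, never run as SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def demo():
    """Run the same injection payload through both versions.

    Returns (rows matched by the vulnerable query, rows matched by the safe query).
    """
    conn = make_db()
    payload = "' OR '1'='1"
    # Against the concatenated query the WHERE clause becomes
    #   name = 'nobody' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches: an attacker with
    # no valid credentials gets a successful login.
    vuln = login_vulnerable(conn, "nobody", payload)
    # Against the parameterized query the payload is compared literally to the
    # password column and matches nothing.
    safe = login_safe(conn, "nobody", payload)
    return len(vuln), len(safe)


if __name__ == "__main__":
    print(demo())
```

The fix costs nothing: the parameterized form is no longer than the concatenated one, which is exactly why the post calls the bug inexcusable. The same rule applies to any driver that supports bound parameters, and an ORM or query builder that still lets you concatenate raw SQL fragments gives you no protection for those fragments.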
This is where I drag my soapbox back out and start calling for executive- and board-level penalties for a data breach. Photos, internal data, and a number of other Canon services offered to the public were hit with a ransomware attack that claims that if Canon doesn’t pony up, the data will… Continue reading 10 TB of Data Stolen from Canon
Russia, Iran, and China are all attempting to interfere in the November election using some very sophisticated techniques. Without equally sophisticated data analysis, it’s virtually impossible to spot the fakes. The Russian misinformation campaign is back up and running again. This time it’s using AI to generate fake photos, fake LinkedIn profiles, fake Twitter accounts,… Continue reading What do Bears, Cranes, and Kittens Have in Common?
Lately, I seem to find myself talking a lot about what Russia is up to these days. Then I see that the Norwegian Parliament has been hacked, including several members of Parliament and Parliament employees. The Norwegian NSA has been investigating, and they are not saying who they think was behind it, but my… Continue reading Norwegian Parliament Hacked
It’s fairly esoteric, but if any of the security professionals out there have ever pen tested a JavaScript application, you know just how vulnerable they can be. Node.js is just the shiny new JavaScript runtime and the newest heir apparent to jQuery. The problem with Node.js is that in order to write anything… Continue reading Node.js Has Vulnerabilities
With the advent of BootHole, it might be time to learn how to automate your patching and get on a blue-green deployment path so you can patch and test quickly to respond to these kinds of threats. For those who haven’t seen it, BootHole is an issue where attackers can gain control of… Continue reading Start Your Patching Engines
Enron started it, but the other power companies have all picked up the practice of playing the spot market for energy production and consumption. This works a lot like the Wall Street futures market, where there is a certain amount of financial speculation around both supply and demand. If demand is high,… Continue reading High Wattage IoT Devices Used to Manipulate Energy Market
Fancy Bear, or APT28, depending on how you name them, has been hacking US companies and the US Department of Energy. I’m guessing that, like Norway, Russia is hurting due to low oil prices. Here’s a short lesson in how economics can impact target selection by an APT. In order to understand it, you… Continue reading What is Russia Up To Now?
In a recent report, FireEye identified a misinformation campaign, but this time it wasn’t coming from Facebook, Twitter, or any other social media. News agencies had their content management systems hacked, and the hackers were publishing fake news in a psy-ops bid to sway public opinion against NATO. The attack appears to have been running… Continue reading Fake News from Actual News Outlets
At least in the Netherlands, you do it by spoofing a bicycle approaching a light. This causes the light to change to allow the bicycle to pass. At least in theory, this could be used to gridlock an entire city. IoT security strikes again.