Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.

Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management. An attacker can exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Digital Shadows and Onapsis report, Exploitation of Enterprise Resource Planning Business Applications, and NCCIC Alert TA16-132A: Exploitation of SAP Business Applications, for further information and recommendations on protecting ERP applications.

And on Tech Republic.

Russian hackers are ready to disrupt US energy utilities, says DHS

Jonathan Homer says Russian hackers have snared “hundreds of victims” in the utilities and equipment sectors and “got to the point where they could have thrown switches” in a way that could have caused power blackouts.

Iranian “Operation Cleaver” Targets US and Other Western Countries

The Cleaver team targets some of the most sensitive global critical infrastructure companies in the world, including military, oil and gas, airlines, airports, energy producers, utilities, transportation, healthcare, telecommunications, technology, manufacturing, education, aerospace, Defense Industrial Base (DIB), chemical companies and governments. Countries impacted include Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the US.  Look for our full report on Friday Aug 24.

Has North Korea Given Up Its Nuclear Weapons Program Because Hacking is Cheaper?

A couple of reports from US-CERT on malicious cyber activity by North Korea.

National Cyber Awareness System:  AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE  08/09/2018 09:29 AM EDT

National Cyber Awareness System:  North Korean Malicious Cyber Activity  08/09/2018 01:02 PM EDT

Prisoners exploit tablet vulnerability to steal nearly $225K

Hilarious hacking exploits in the jug.  364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.