A quick Saturday digest of cybersecurity news articles from other sources.
Hackers break into voting machines within 2 hours at Defcon
Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.
Malicious Cyber Activity Targeting ERP Applications
07/25/2018 07:55 AM EDT Original release date: July 25, 2018
Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management. An attacker can exploit these vulnerabilities to obtain access to sensitive information.
NCCIC encourages users and administrators to review the Digital Shadows and Onapsis report, Exploitation of Enterprise Resource Planning Business Applications, and NCCIC Alert TA16-132A: Exploitation of SAP Business Applications, for further information and recommendations on protecting ERP applications.
And on Tech Republic.
Russian hackers are ready to disrupt US energy utilities, says DHS
Jonathan Homer says Russian hackers have snared “hundreds of victims” in the utilities and equipment sectors and “got to the point where they could have thrown switches” in a way that could have caused power blackouts.
Iranian “Operation Cleaver” Targets US and Other Western Countries
The Cleaver team targets some of the most sensitive global critical infrastructure companies in the world, including military, oil and gas, airlines, airports, energy producers, utilities, transportation, healthcare, telecommunications, technology, manufacturing, education, aerospace, Defense Industrial Base (DIB), chemical companies and governments. Countries impacted include Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the US. Look for our full report on Friday Aug 24.
Has North Korea Given Up Its Nuclear Weapons Program Because Hacking is Cheaper?
A couple of reports from US-CERT on malicious cyber activity by North Korea.
National Cyber Awareness System: AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE 08/09/2018 09:29 AM EDT
National Cyber Awareness System: North Korean Malicious Cyber Activity 08/09/2018 01:02 PM EDT
Prisoners exploit tablet vulnerability to steal nearly $225K
Hilarious hacking exploits in the jug. 364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.
Share
AUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com