Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Maersk, me & notPetya

A great post and a must read by Gavin Ashton.  If you are tasked with Identity and Access Management, you at least have to read the Do the Basics section at the end of the article.

Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the events of the well-publicised notPetya malware attack in 2017. I left Maersk in March 2019, and as is customary I wrote the obligatory thank you and goodbye note. But there was always a lot more to add. A story to tell.


How to Encrypt Your Internet Traffic

I have recommended EFF’s HTTPS Everywhere extension here before and if you found that interesting, I thought I’d share something from Bill Hess at Pixel Privacy that you might find useful.

Bill created a guide to encrypting all your internet traffic (https://pixelprivacy.com/resources/how-to-encrypt-your-traffic/) which provides more context about why you’d want to use a tool like HTTPS Everywhere (and in fact, he recommends the extension in the guide) as well as other methods of encryption.


Netgear Router Vulnerabilities

Original release date: June 29, 2020

Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks.

See the following products for additional information.


20 Impressive Cloud Computing Statistics [Updated for 2020]

From frequent contributor Josh Wardini:

Cloud computing involves a company using several remote servers, which are hosted online, to process, manage, and store a range of data. Traditionally, this was achieved through a local server or PC.  There are many advantages of cloud computing for businesses over storing files on a PC or local server, as we can see from the cloud computing statistics available out there.  Read more…


Facebook hoaxes back in the spotlight – what to tell your friends

At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more.


A Front Row Seat to High Stakes Ransomware Payment Negotiations

We expect high stakes negotiations to make or break things. From mergers and acquisitions, to acquiring top talent, to pretrial settlements that keep lawsuits from going to court. Now we must add another type of negotiation to the list of items organizations should be prepared for: negotiating with hackers who are demanding millions of dollars following a ransomware attack. And we’re about to see how recent negotiations went back and forth between hackers and an organization, including the posturing from both sides. You will see how it resulted in a seven-figure payout to hackers. It was the morning of June 1, 2020, when the IT team at the University of California-San Francisco noticed something was wrong… Read more


Penetration Testing Remote Workers: What’s in Scope?

We have come to the realization that the distributed workforce due to the coronavirus will last well into 2021. With many organizations now planning their annual penetration tests, a change is needed in order to accommodate remote workers. While some organizations may continue to use previous pentest templates and procedures, remote workers change the attack surface and add a new wrinkle… Read more


Andy Greenberg, Sandworm Author, Keynotes Cyber Security Summit

In an exciting new development to the 10th Annual Minneapolis Cyber Security Summit, Wired Senior Writer Andy Greenberg will keynote our Tuesday General Session. Prepare to be captivated as he shares insights from his cautionary tale, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers – a book that chronicles the elite Russian agents behind the most destructive cyberattack the world has ever seen. 


1

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Comments

  1. Eve hunt  August 21, 2020

    Very interesting subject , appreciate it for putting up. “Wrinkles should merely indicate where smiles have been

    reply

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.