Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.

Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning (ERP) applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer relationship management, and supply chain management. An attacker can exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Digital Shadows and Onapsis report, Exploitation of Enterprise Resource Planning Business Applications, and NCCIC Alert TA16-132A: Exploitation of SAP Business Applications, for further information and recommendations on protecting ERP applications.

And on Tech Republic.

Russian hackers are ready to disrupt US energy utilities, says DHS

Jonathan Homer says Russian hackers have snared “hundreds of victims” in the utilities and equipment sectors and “got to the point where they could have thrown switches” in a way that could have caused power blackouts.

Iranian “Operation Cleaver” Targets US and Other Western Countries

The Cleaver team targets some of the most sensitive global critical infrastructure companies in the world, including military, oil and gas, airlines, airports, energy producers, utilities, transportation, healthcare, telecommunications, technology, manufacturing, education, aerospace, Defense Industrial Base (DIB), chemical companies and governments. Countries impacted include Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the US.  Look for our full report on Friday Aug 24.

Has North Korea Given Up Its Nuclear Weapons Program Because Hacking is Cheaper?

A couple of reports from US-CERT on malicious cyber activity by North Korea.

National Cyber Awareness System:  AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE  08/09/2018 09:29 AM EDT

National Cyber Awareness System:  North Korean Malicious Cyber Activity  08/09/2018 01:02 PM EDT

Prisoners exploit tablet vulnerability to steal nearly $225K

Hilarious hacking exploits in the jug.  364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.