search
top
Currently Browsing: News

National Cybersecurity Awareness Month 2019

National Cybersecurity Awareness Month 2019

So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. None the less, here it is a month later!

Cyber security awareness month is coming up real soon. In October, it is nationally known as cyber security month. Many security leaders present important security topics. This is also a time where many companies, government units and various organizations educate their members on cyber security. Many hold training workshops, lectures and send out updates to their workers.

I’d like to highlight some key points that readers should try to implement and incorporate in their personal lives and at work.

The US Cert organization has built some excellent cyber security training.

There detailed reports and educational training can be found all for free à https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

Read more About This Post

Equifax Breach Lessons Learned

Equifax Breach Lessons Learned

After reading the Equifax breach report released by U.S. House of Representatives Committee on Oversight and Government Reform. This would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake up call for other companies in order to better their own information security. 

 

Security Representative on the Core team

It’s highly important to have someone that understands information security on your core team. Many times, the task gets pushed to the Legal or IT team core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone that understand security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However, Read The Full Post

Cellebrite Systems Breeched

Cellebrite Systems Breeched

 

Cellebrite (https://cellebrite.com) is an Israeli company that specializes in mobile forensics.

They have created a well known product that is called Universal Forensic Extraction Device (UFED). This tool basically can extract data from most mobile devices. They are able to also unlock mobile devices with a passcode. I have used a much older version of this tool in the past. You may see the catch the details in my Research Project here –> https://www.stealthbay.com/hardening-mobile-phone-devices/

What was taken

Based off a popular website  called “Motherboard” who first posted about this breech. Cellebrite has lost over 900GB worth of data. Now, that is a lot of information and data that was taken. My assumption is that a lot of the data is related to tools and software made use of for forensic investigations. (more…)

Samsung Note 7 Recall – Batteries Blowing up?

Samsung Note 7 Mobile Devices

Samsung recently released a new phone to their existing line of phones.

They released their new device the Note 7, which made some amazing sales in the first week of its release.
The demand was so high, they they ended up selling out all of their preorders.

However, it seems that Samsung now has come head to head with a new global issue.

An announcement was made recently which revealed that the Samsung Note 7 devices can melt, catch on fire and even explode when being charged.
The issue seems to reside from using a battery supplier than possibly did not make high quality batteries.

The models sold in China had a battery made from another supplier, which might be why none of these issues have been heard of in China so far.
(more…)

Russia claims they can now collect crypto keys?

Russia and the Encrypted World

So in top news many have probably already heard of Russia claiming or at least pushing to break encryption.
The initiative is to push for a wide ranging surveillance law, which would allow them access to a whole heck lot of information.

The law calls for metadata and content to be stored for at least six months, plus access to encrypted services.
This means that they also want access to decrypt Whatsapp conversations/chats, Viber & Skype calls… etc… etc…

So how do they go about this now? (more…)

« Previous Entries

top