ISC Stormcast For Friday, May 26th 2017 https://isc.sans.edu/podcastdetail.html?id=5518, (Thu, May 25th)
In-brief: a report by the Cloud Security Alliance calls for a bottom-up remake of infrastructure to support connected vehicles and warns of more, serious attacks as connected vehicles begin interacting with each other and with connected – but insecure – infrastructure. The ecosystem of connected vehicles is in full expansion, but car...
A Florida GOP campaign consultant who runs a blog under a pseudonym directly contacted the hackers behind the breach of the Democratic National Committee and the Democratic Congressional Campaign Committee, and he solicited material from them. The Wall Street Journal reports that Aaron Nevins set up a Dropbox account specifically for “Guccifer 2.0” to drop files into, and he received 2.5 GB of data from the Democratic Party breaches—including the “get out the vote” strategy for congressional candidates in Florida.
Nevins analyzed the data and posted his analysis on his blog, HelloFLA.com. Guccifer 2.0 sent a link to the blog to Trump backer Roger Stone, who told the paper he was also in communication with the hackers. Nevins told the Journal that the hackers didn't understand what they had until he explained the data's value.
Some of the most valuable data, Nevins said, was the Democratic Party's voter turnout models. “Basically, if this was a war, this is the map to where all the troops are deployed,” Nevins told the person or persons behind the Guccifer 2.0 account via Twitter. He also told them, “This is probably worth millions of dollars.”
Those of you with long memories might remember one of the more amusing (or perhaps annoying) bugs of the Windows 95 and 98 era. Certain specially crafted filenames could make the operating system crash. Malicious users could use this to attack other people's machines by using one of the special filenames as an image source; the browser would try to access the bad file, and Windows would promptly fall over.
It turns out that Windows 7 and 8.1 (and Windows Vista, but that's out of support anyway) have a similar kind of bug. They can be taken advantage of in the same kind of way: certain bad filenames make the system lock up or occasionally crash with a blue screen of death, and malicious webpages can embed those filenames by using them as image sources. If you visit such a page (in any browser), your PC will hang shortly after and possibly crash outright.
The Windows 9x-era bug was due to an error in the way that operating systems handled special filenames. Windows has a number of filenames that are "special" because they don't correspond to any actual file; instead, they represent hardware devices. These special filenames can be accessed from any location in the file system, even though they don't exist on-disk.
Fourteen people who say their names and addresses were attached to anti-net neutrality comments without their permission have asked the Federal Communications Commission to notify other victims of the impersonation and remove fraudulent comments from the net neutrality docket.
As we've previously reported, there have been hundreds of thousands of identical comments that were ostensibly submitted to the FCC by ordinary people who hate the current net neutrality rules. But the comments appear to have been submitted by spam bots and attached to names drawn from data breaches.
People who say they were impersonated sent a letter to FCC Chairman Ajit Pai. In it, they wrote the following:
What does it take to successfully apply the process of intelligence to the field of cyber security?
Or perhaps we need to consider what happens when our efforts don’t produce the outcomes we seek. What really needs to happen?
John Boling has some ideas. John recently shared his insights in Do we really need higher education to solve our perceived and actual security needs? Since that piece got people talking, I reached out to see if he wanted to step up and try out my new Security Slapshot series … and he stepped up to take a shot.
John Boling (@CySocSci) is a security veteran who followed his own path to success. Currently working as a Senior Security Consultant, he started on the front lines supporting MS-DOS and Windows before completing degrees from the University of North Carolina at Charlotte and the National Intelligence University. A conforming contradiction, he boldly blends business, technology, and social science to understand security threats.
Here’s his Security Slapshot on applying intelligence to security:
SLAPSHOT: Intelligence is NOT failing because of data or people, but from a lack of direction.
How do you get to a destination without knowing where you are going?
You can have the best maps and algorithms, but without knowing the desired destination how does a path emerge? As a result, many programs meander. Sometimes, an adequate destination appears; however, many times it does not.
The reference model for the intelligence process is found in the US Department of Defense publication Joint Intelligence (JP 2-0). Much like the OSI Reference Model for networking, this represents the core understanding an intelligence professional should hold. While variances occur, all start with some sort of requirement, followed by collecting and processing data such that it can be analyzed, and finish with a reporting mechanism. Each component of this process serves a purpose and needs feedback for refinement.
As a system, the intelligence process often fails from lack of direction.
The solution is discipline to the process. The industry must recognize that intelligence emerges from a system with clear objectives. No mystery exists on processes that develop quality intelligence products, but expectations should be measured. Give your analyst clear direction outlining what questions need answers for the organization. Build data collection and processing engines to support their analysis based on those requirements. I would incorporate the following in any intelligence program:
- JP 2-0: Joint Intelligence
- Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
- The Diamond Model of Intrusion Analysis
- Psychology of Intelligence Analysis
My Take (some color commentary)
I frequently point out the three keys of leadership including articulating the current situation accurately, painting a picture of a better tomorrow to set the direction, and then offering individuals a pathway that elevates and accelerates them.
Seems the proper application of intelligence principles requires a similar focus. In the process, the organization benefits as individuals thrive. The challenge lies in embracing the situation and translating the value of the intelligence process into the picture of a better tomorrow.
The post What security leaders need before applying intelligence to cyber appeared first on McAfee Blogs.
Two auto manufacturers are in legal crosshairs this week because of emissions from their diesel vehicles.
The US Department of Justice sued Fiat Chrysler of America (FCA) on Tuesday over 103,828 diesel Ram 1500s and Jeep Grand Cherokees. The DOJ claims that the cars contain “at least eight software-based features” to meddle with the cars’ emissions control systems.
And today, two plaintiffs have asked a judge to let them proceed with a class-action lawsuit against General Motors. They claim that 705,000 of the American carmaker’s diesel Silverado and Sierra HD trucks are giving off nitrogen oxide (NOx) emissions in excess of what a consumer would expect and what the Environmental Protection Agency (EPA) legally allows.
Greetings, Arsians! Courtesy of our partners at TechBargains, we have a bunch of Memorial Day deals and steals for you to kick off the holiday weekend. To highlight a few of the best deals, now you can get Dell's new Inspiron 15 7000 gaming laptop, complete with a quad-core Core i5 CPU, GTX 1050ti GPU, and 256GB SSD for $799—that's $250 less than its original price. We also have 25 percent off many Lenovo ThinkPad models plus a $249 4K YI action cam for just $169.
Check out the rest of the deals below.