Are you doing enough to protect your smartphone from hackers? Security experts predict mobile malware to increase in 2013.
Cyber criminals could increasingly look to attack, hijack smartphones in 2013 - Topix
Cyber Security Compliance for Power, Oil & Gas, Water Treatment, NERC-CIP, NEI 0809 and CFATS
Wednesday, December 26, 2012
Wednesday, December 19, 2012
Cyber Security: 8 holiday email scams to avoid
Read about 8 holiday email scams to be on the lookout for this season.
Be alert: Avoid holiday email scams - Topix
Wednesday, December 12, 2012
Cyber Security: Why don't computer users take passwords seriously?
This article highlights interesting facts about password usage and describes how many people fail to take these security measures seriously.
Why don't computer users take passwords seriously? - Topix
Tuesday, December 11, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of December 3
Click the link below to view the summary of cyber security vulnerabilities for the week of December 3 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-345.html
Thursday, December 6, 2012
Cyber Security: The 12 scams of Christmas
Internet shopping will reach its peak this season with 70% of people planning to shop online and 1 in 4 shoppers using mobile devices. Read about the most dangerous internet scams by clicking the link below.
12 scams of Christmas
Wednesday, December 5, 2012
Cyber Security Advisor Newsletter – Nov. 2012 vol. 14
I’m sure you’ve heard the saying "When it rains, it pours," meaning when things go wrong, they REALLY go wrong. With the floods in Northeastern US, Northern California and the flash flooding in the UK, I think we’ve had our share of weather. I’m starting to get flooded now in a different way, as I’m sure you are too, with news about the latest attacks in our industry and against our clients. I hope this message is not finding you or your organization too unprepared.
This month in Volume 14, with the rising popularity of Bring Your Own Device (BYOD), we thought it was appropriate to discuss this up and coming activity.
As we continue our efforts to educate on the need to address cyber security, the details that rise to the top are consistent. All successful Security Solutions are part of an overall program that addresses who will manage, maintain, and upgrade the solution for its lifetime. We find too many firewalls that no one has looked at since they were installed, or with so many holes punched through them that you might as well not have them in place. The message is, consider what the needs are, develop a program, THEN determine the technical controls. I know the geek in all of us makes us want to jump to the technology first.
Tuesday, December 4, 2012
Cyber Security: Ransomware attacks more frequent
Instances of ransomware, a form of online extortion, have increased significantly over the past year.
http://news.cnet.com/8301-1009_3-57548314-83/ransomware-a-growing-menace-says-symantec/?part=rss&tag=feed&subj=News-Security&Privacy
Monday, December 3, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of November 26
Click the link below to view the summary of cyber security vulnerabilities for the week of November 26 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-338.html
Thursday, November 29, 2012
Cyber Security: Lockheed Martin not immune to cyber attacks, either
Read about Lockheed's surge of cyber attacks over the last several years.
http://news.cnet.com/8301-1009_3-57548766-83/cyberattacks-against-lockheed-have-increased-dramatically/?part=rss&tag=feed&subj=News-Security&Privacy
Tuesday, November 27, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of November 19
Click the link below to view the summary of cyber security vulnerabilities for the week of November 19 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-331.html
Cyber Security: The importance of updating your browser
Almost 25% of browsers currently in use are out of date. Read why it's important to keep your browser patched to the latest version.
Out-of-date, vulnerable browsers put users at risk
Monday, November 26, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of November 12
Click the link below to view the summary of cyber security vulnerabilities for the week of November 12 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-324.html
Thursday, November 22, 2012
Cyber Security: Social networking is #1 cyber security risk
Mobile devices and the growing popularity of social networking have led to a greater risk of cyber attacks.
Social networking is the #1 risk to information security
Tuesday, November 20, 2012
Cyber Security: Critical infrastructure attacks from the past
A list of the most noteworthy cyber attacks since 1982.
Timeline: Critical infrastructure attacks increase steadily in past decade
Thursday, November 15, 2012
Cyber Security: The phish are always biting
Although the uptimes of phishing attacks have decreased slightly, hackers are hosting more and more phishing websites.
Phishing websites proliferate at record speed
Tuesday, November 13, 2012
Cyber Security: Has your HPI vendor addressed cyber security?
Read how HPI companies are addressing cyber security at their operating facilities.
http://www.hydrocarbonprocessing.com/IssueArticle/3110153/Archive/Industry-Perspectives.html
“Cyber security solutions are most effective when the supplier and user share responsibility. Users should seek a vendor who not only helps them implement various degrees of control network protection and fully manage their security functionality 24/7, but one that actively works with government entities, like the DOE Energy Roadmap, industry-specific programs, like NERC, Critical Infrastructure Protection (CIP), and other standards bodies, such as the International Society of Automation (ISA), to develop new standards. This level of involvement allows the vendor to validate and adopt advanced cyber-security techniques and solutions that keep the user more secure, but more importantly, more vigilant.”
—Doug Clifton, Director, Critical Infrastructure and Security Practice, Invensys Operations Management
Cyber Security: Low cost wireless security breach - Jawbreaker
Jawbreaker, a "software-defined radio," could give hackers of all skill levels a chance to hone their skills.
HackRF Jawbreaker Could Bring Low-Cost Wireless Hacking to the Masses
Monday, November 12, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of November 5
Click the link below to view the summary of cyber security vulnerabilities for the week of November 5 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-317.html
Thursday, November 8, 2012
Cyber Security: Windows 8 debuts along with its newly defeated security measures
Immediately upon the launch of Windows 8, government-funded hackers have already managed to breach its security measures.
Tuesday, November 6, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of October 29
Click the link below to view the summary of cyber security vulnerabilities for the week of October 29 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-310.html
Cyber Security: History repeats itself - will we ever learn?
Early cyber events in the late 1990s perpetuated a security revolution, but as new technologies emerge, we find ourselves back where we started.
Friday, November 2, 2012
Cyber Security Advisor Newsletter - October 2012 vol 13
This month, with the rising popularity of Social Media, we thought it was appropriate to discuss some NEW attack vectors out there. Also, don't forget our Consultant's Corner. Steve Batson, Principal Consultant-Critical Infrastructure & Security Practice, talks about Cyber Security and staying ahead of the curve in the Nuclear industry.
As we continue our efforts to educate on the need to address cyber security, the details that rise to the top are consistent. All successful Security Solutions are part of an overall program that addresses who will manage, maintain and upgrade the solution for its lifetime. We find too many firewalls that no one has looked at since they were installed, or with so many holes punched through them that you might as well not have them in place. The message is, consider what the needs are, develop a program, THEN determine the technical controls. I know the geek in all of us makes us want to jump to the technology first.
Click here for this month's newsletter
Thursday, November 1, 2012
Cyber Security: Cyber attacks cost U.S. businesses $8.9 million
A survey of 56 organizations determined the average cost associated with cyber attacks was $8.9 million, a 6 percent increase from the previous year's study.
http://www.infoworld.com/d/security/cyber-attacks-cost-us-businesses-average-89-million-annually-study-says-204275
Wednesday, October 31, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of October 22
Click the link below to view the summary of cyber security vulnerabilities for the week of October 22 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-303.html
Tuesday, October 30, 2012
Cyber Security: How secure is your digital life?
You may be sharing more personal information online than you think you are. Read this article for tips on how to better protect yourself online and avoid identity theft or remote data wipes.
http://www.pcworld.com/article/2010300/just-how-hackable-is-your-digital-life.html
Thursday, October 25, 2012
Cyber Security: The hacker ate my homework - 100 colleges hacked
Education websites all over the world are being hacked. View the list of affected universities and read the note written by the leader of the hacking group responsible, TeamGhostShell.
100 Education hacked, thousands of accounts leaked by @TeamGhostShell
Tuesday, October 23, 2012
Cyber Security: Virgin Mobile customers in danger of being hacked
Virgin Mobile's password policy requires users to select a 6-digit numerical password. Read about the major security concerns and how it would only take hackers 1 million guesses to take over your cellular account.
http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/
Thursday, October 18, 2012
Cyber Security: What You Don't Know Can Hurt You
The number of mobile malware instances has increased from 14,000 to 40,000 in less than a year, mostly due to lack of cyber security awareness among consumers.
Infosecurity - Mobile malware up 185% amid a lack of consumer awareness
Tuesday, October 16, 2012
Cyber Security: Historic DDoS attacks against U.S. banks continue
PNC, out of Pittsburgh, joins Wells Fargo, J.P. Morgan Chase & Co. and Bank of America on a list of banks taken offline, reportedly by a group who claimed responsibility for the attacks as retaliation for the portrayal of Muslims in “Innocence of Muslims,” a series of movie trailers uploaded to YouTube.
http://threatpost.com/en_us/blogs/historic-ddos-attacks-against-major-us-banks-continue-092712
Monday, October 15, 2012
Attend the free webinar on “Cyber Security: A Catalyst for Modernization”
Learn from our experts about the impact and role Cyber Security is playing within a plant’s operational processes and business requirements.
Date: October 24, 2012, at 10 AM Eastern or 5 PM Pacific
Register Here
Thursday, October 11, 2012
Cyber Security: ICS-CERT Vulnerability Summary for Week of October 1
Click the link below to view the summary of cyber security vulnerabilities for the week of October 1 as collected and reported by ICS-CERT.
http://www.us-cert.gov/cas/bulletins/SB12-282.html
Cyber Security: September 2012 ICS-CERT Monthly Monitor
View ICS-CERT's September 2012 newsletter, with a feature article on the Shamoon virus.
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Sep2012.pdf
Cyber Security: FERC Opens Cyber Security Office
A new FERC office, Office of Energy Infrastructure Security (OEIS), will focus on potential cyber and physical security risks to energy facilities under its jurisdiction.
Cybersecurity malware hackers computer viruses | Homeland Security News Wire
Monday, October 8, 2012
Cyber Security Advisor Newsletter - Sept 2012 vol 12
Greetings,
Our 12th volume… It’s hard to believe that it’s been a year since we launched the 'Cyber Security Advisor' to help get the message out. We have had lots of inquiries to help our clients with their cyber requirements. This past month, there has been no shortage of these requests. This month’s newsletter focuses on some of these recent attacks and provides you some stories about what’s going on out there. We know that installing firewalls just does not cut it anymore… or did it ever? We know that comprehensive programs that support strong patching, logging, access controls and network management and monitoring are a must.
Don’t miss this month's Consultant's Corner piece by Bill Owen. He’s offering some perspective on Incident Response.
Click here for this month's issue
Wednesday, October 3, 2012
Cyber Security: Can a password ever be fully secure?
Charles Smith, Invensys Critical Infrastructure & Security Practice consultant, gives tips on how to create strong passwords.
Is your password really secure? As recent news articles have shown, it probably isn’t. Just over the last few months, LinkedIn, Yahoo, Blizzard Games, and others have been hacked and customer passwords stolen. Last year, Sony’s Playstation Network was hacked and not only were passwords captured, but also other personal customer information.
What can be the impact of having your personal information stolen? Many hacker groups are no longer concerned about capturing passwords and instead thrive on personal information. They use this information to perform a "social engineering" attack on people by impersonating someone from a company the victim does business with. They are usually prepared with some information they have already stolen to convince victims that they are legit, and then they will attempt to gather more information such as a credit card number, social security number, or something like a "secret question answer." This allows them to access private accounts and recover or change passwords. They can use this information to wreak havoc on people’s online lives just as if they had originally stolen someone’s password.
What can you do to protect yourself if a vendor does not adequately protect your personal information? There are three things you can do:
- Use complex, yet easy-to-remember passwords, as Tom Jackson stated in Issue 8 of the Cyber Advisor (May 2012).
- Do not link your online accounts together. Sites such as Yahoo now allow you to sign in using your Facebook username and password. While it may be tempting to link accounts to reduce the number of passwords to remember, if one account gets hacked, then all of your accounts can get hacked. If you must link accounts, only link non-secure accounts together. For example, you might link two social media accounts as long as they aren’t linked to your email or an account with credit card information (like eBay or Amazon).
- Use two-factor authentication. Two-factor authentication is where you use "something you know" and "something you have" to log in to your account. If you work for a large company and have VPN access, then you may already be using two-factor authentication if you have a key fob in addition to your network password.
Yahoo now offers the option of having a code sent via text message to your cell phone to access your account. You use this feature by entering your username and password online, and then Yahoo will send a code to your cell phone that must be entered before you can access your account. In this case, even if a hacker has stolen your password, they cannot access your account unless they have physically stolen your cell phone as well. Two-factor authentication isn’t offered by every online service yet, but it is gaining popularity. Click here for more information on two-factor authentication.
If you follow the three key points above, then your information will be much more secure in today’s online world.
Tuesday, October 2, 2012
National Cyber Security Awareness Month
October is National Cyber Security Awareness Month and the Department of Homeland Security and National Cyber Security Alliance encourage all computer users to be safe and secure online with tips and weekly themes throughout the month. This year’s weekly themes are:
Week 1: Stop. Think. Connect.
Week 2: Law Enforcement and Cyber Security
Week 3: Industry Efforts in Cyber Security
Week 4: K-Life: Digital Literacy Efforts
For tips on what you can do to stay safe online, visit http://stopthinkconnect.org/tips-and-advice/
http://www.staysafeonline.org
Monday, October 1, 2012
Cyber Security: White House confirms spearphishing intrusion
Hackers with ties to China's government have successfully targeted the White House in a spearphishing attack aimed at one of its internal computer networks, reportedly a military office in charge of the president's communications.
Wednesday, September 26, 2012
Cyber Security: Brain hacking? Not as impossible as you might think
New technology suggests that hackers could potentially steal information right from your mind using brain computer interfaces (BCIs) or neuro-headsets that send signals emitted over Bluetooth devices. Early studies show that these signals can reveal private information such as birth month, PIN numbers, bank names, and acquaintances, which increase the chances of hackers correctly guessing your passwords.
Wednesday, September 19, 2012
Cyber Security: No device is safe from hackers
With more than 90 million types of malware now on the rise, PCs are not the only devices in danger of being hacked. Smartphones, social media accounts, and other websites have become major targets for cybercrime, whether hackers are infecting your device through web site visits or virtually taking control of your smartphone and holding it for ransom in exchange for money.
Wednesday, September 12, 2012
Cyber Security: Does Cybercrime cost $1 Trillion?
Does cybercrime really cost $1 trillion? According to some Washington think tanks who just pored over the research, the answer may stun you... YES! What may stun you even more is that number might even be low.
http://www.propublica.org/article/does-cybercrime-really-cost-1-trillion
Tuesday, September 4, 2012
Cyber Security Advisor Newsletter - Aug 2012 vol 11
This past month, cyber attacks on industrial companies were common news reports. There has been significant damage to companies’ IT networks and infrastructure. I’ve seen postings of their router/firewall passwords….even their CEO’s email password. We will soon see a full court press from all sorts of IT vendors selling their latest security innovation or products. Buying the latest firewall might make them feel more secure, but unless it’s part of a larger program, I’m afraid they are no better off. And let’s face it, while these vendors think they are doing the right thing, they don’t really understand the environments or safety risks our clients are challenged with daily.
We see the need to assist our clients and are prepared to suggest a planned approach that covers a defense-in-depth model with supporting practices of Incident Response, Disaster Recovery, System Monitoring, among others. The Invensys Critical Infrastructure and Security Practice (CISP) has the skills and the resources to help our clients no matter what industry they are in. We understand that a comprehensive cyber security program is so much more than firewalls and anti-virus. Invensys CISP is structured to help with the entire cyber security program.
Wednesday, August 29, 2012
Cyber Security: Malware still going strong
A recent report published by Panda Labs claims that for Q2 of 2012 there were more than 6,000,000 new malware samples created, infecting nearly one third of computers worldwide.
Wednesday, August 22, 2012
Cyber Security: Your webpage may be the front door for hackers
An interesting article on eWeek.com about data compiled by Imperva found that the typical web application will be targeted with high-volume attacks and that SQL-injection attacks are the most common. This data is very important to note since a company’s web applications are attacked almost 120 days of the year.
Thursday, August 16, 2012
Cyber Security: Apple and Amazon change policies
We have all read articles about companies getting hacked and having customer information stolen, or read statistics about how many PCs are infected with malware and viruses from hackers. Here is a story about David and Goliath that made change happen:
Tuesday, August 7, 2012
Cyber Security: I've Been Hacked
Unfortunately getting hacked is all too common these days. This article recounts what a writer went through when he was targeted by a hacker group.
What Getting Hacked Feels Like - Technology - The Atlantic Wire
Thursday, August 2, 2012
Cyber Security Advisor Newsletter - July 2012 vol 10
The July 2012 Volume 10 of the Invensys Critical Infrastructure and Security Practice (CISP) newsletter focuses on NERC CIP information. It’s important that power plants and utilities understand how this one standard impacts them. We believe the trends and best practices that can be taken from a solid NERC CIP compliance program help all our clients.
The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help you or your clients no matter what industry. Cyber security is so much more than Firewalls and Antivirus. We can help cut through the Fear, Uncertainty, and Doubt (FUD). We are structured to help you with your entire Cyber Security program.
Click here for this month's newsletter
Friday, July 27, 2012
Cyber Security: Homes of the future are vulnerable to cyber attacks
Black Hat 2012 has been in Las Vegas all this week (7/21-26). There are always fascinating stories about cyber security that come out at the show, like this one from Click Orlando about how vulnerable homes of the future will be:
With every home on the smart grid, every home with multiple PCs, the ubiquitous smart phone and wireless tablets, the attack vectors would seem endless. As technology advances, there is a heightened need for cyber security to combat the imminent consequences.
Monday, July 23, 2012
Cyber Security: AWWA - Water Treatment - Update
AWWA ACE12 — Dallas, TX June 10-13, 2012
The AWWA annual conference for 2012 has come and gone. It was a great conference in many respects this year: It was held in my home state of Texas, it was the first year we had a cyber security presence in our booth, I participated in my first standards committee meeting as a voting member, and we started reviewing the ANSI/AWWA G430 “Security Practices for Operation and Management” standard.
Cyber security and water are two words I would have never thought would appear in the same sentence, given my background in process controls and the many times I’ve been at some remote well site with nothing but a chain link fence and a padlock between me and the PLC (which I could access wirelessly) that operated the site. Then, on that fateful day of September 11, 2001, everything changed. Homeland Security Presidential Directive-7 identified the “Critical Infrastructure and key resources which provide the essential services that underpin American society.” One of the eighteen was drinking water and waste water treatment systems. In response, the Water Sector Coordinating Council Cyber Security Working Group (sponsored by American Water Works Association and the Department of Homeland Security) released the “Roadmap to Secure Control Systems in the Water Sector” in March 2008. This document captured many findings and recommendations and is one of the driving factors behind the development of the ANSI/AWWA G430 standard. In my opinion, we are still in the phase of educating the industry about cyber security, its value, and the potential consequences of ignoring it.
As late as last year (coincidentally over the September 11th weekend) at the 2011 Water Security and Emergency Preparedness Conference in Nashville, TN, I saw hardly any cyber security representation. Security was still identified as fences, locks, cameras, contamination monitoring—anything to physically keep the bad guys out. There was little attention paid to that PLC behind the fence that was now directly accessible from the internet. I’m glad to say that I think things are definitely changing. I’ve had several opportunities to speak at regional AWWA/WEF events about cyber security and I managed to volunteer for the standards committee. Enquiries from water and wastewater clients are increasingly concerned about cyber security. This year is looking bright; we just finished up the AWWA annual conference, the standard draft is making its rounds, I’ve had conversations with high-level members of AWWA saying that cyber security is a major initiative, and I’m on the schedule to present at the 2012 Water Security and Emergency Preparedness Conference “Best Practices in SCADA Cyber Security.”
I look forward to seeing all of you in St. Louis, MO September 9-12, 2012.
Michael Martinez
Principal, Critical Infrastructure & Security Practice
Invensys
Tuesday, July 17, 2012
Cyber Security Advisor Newsletter - June 2012 vol 9
Volume 9 of the Invensys Critical Infrastructure and Security Practice (CISP) newsletter focuses on "Compliance vs. Cyber Security"
We have conversations about compliance with our clients on a regular basis. There is typically some confusion about what compliance means when it involves cyber security. The discussion focuses a lot on what needs to be done to comply. This edition covers some of the aspects of compliance programs and how they relate to Cyber Security. Compliance is not always regulatory; compliance could be against internal requirements.
The Critical Infrastructure and Security Practice has the skills and the resources to help your clients no matter what industry. Cyber security is so much more than Firewalls and Antivirus. We are structured to help you with your entire Cyber Security program.
Click here for this month's issue
Monday, July 2, 2012
Cyber Security: Hacking Drones, Students Play
On a dare (and a $1,000 wager) Texas college research students hacked into and hijacked a US Department of Homeland Security (DHS) drone using a technique called ‘spoofing’. The good news was it was an experiment put on for the DHS. Definitely a teachable moment.
Students hijack US drone for $1,000 wager - Indian Express