Tag Archives: car

My latest Gartner research: Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security

1 February 2017  |  …fits into/addresses these situations. Analysis by Perry Carpenter and Lawrence Pingree Technologies such as cloud, software-defined networking (SDN), network…or managed services. Analysis by Ruggero Contu, Perry Carpenter and Lawrence Pingree By 2020, integrated security models, such as…

Gartner clients can access this research by clicking here.


My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.


[ISN] Researcher says he can hack GM’s OnStar app, open vehicle, start engine

http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/ By Bernie Woodall in Detroit and Jim Finkle in Boston Reuters July 30, 2015 BOSTON/DETROIT (Reuters) – A researcher is advising drivers not to use a mobile app for the General Motors OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely. “White-hat” hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service. Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities. Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That bug allowed them to gain remote control of a Jeep traveling at 70 miles per hour on a public highway. […]


[ISN] Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks

http://freebeacon.com/national-security/cybercom-big-data-theft-at-opm-private-networks-is-new-trend-in-cyber-attacks/ By Bill Gertz Washington Free Beacon July 27, 2015 The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks. “One of the lessons from OPM for me is we need to recognize that increasingly data has a value all its own and that there are people actively out there interested in acquiring data in volumes and numbers that we didn’t see before,” said Adm. Mike Rogers, the Cyber Command commander and also director of the National Security Agency. The theft of 22.1 million federal records, including sensitive background information on millions of security clearance holders, will assist foreign nations in conducting future cyber attacks through so-called “spear-phishing,” Rogers said, declining to name China as the nation state behind the OPM hacks. Additionally, China is suspected in the hack uncovered in February of 80 million medical records of the health care provider Anthem, which would have given it access to valuable personal intelligence that can be used to identify foreign spies and conduct additional cyber attacks. […]


[ISN] Some hackers make more than $80,000 a month — here’s how

http://www.businessinsider.com/we-found-out-how-much-money-hackers-actually-make-2015-7 By CALE GUTHRIE WEISSMAN Business Insider Jul. 14, 2015 It’s a known fact that hacking makes money. But how much money? And how do hackers carry out their internal dealings with one another so as not to step on each other’s toes? Much like the fine-tuned systems of mafias and gangs that act almost identically to businesses, hackers have also created their own extremely intricate systems — and the scale of their operations is astounding. Security researchers have been embedding themselves into these online underbellies to see precisely what’s going on. This way they can get an early look at the malware hackers are cooking up, while also learning just how the system works. The information security company Trustwave has been doing just this for years. It now has a lot to show for it, including discovering how much money a hacking gang makes and how precisely the cybercrime ecosystem works. Trustwave’s VP of Security Research Ziv Mador has put together a presentation he gives to customers so they can get a better handle on how to protect themselves. As he put it, it’s just a “glance of what we find.” But Mador has given Business Insider an exclusive look at the wheeling and dealing of hackers inside this secretive world — check it out below. […]


[ISN] Symantec to incubate security startups with new VC partnership

http://www.techworld.com/news/security/symantec-incubate-security-startups-with-new-vc-partnership-3619807/ By John E Dunn Techworld.com July 15, 2015 Symantec believes the future of security is out there somewhere and has set up a new partnership with VC firm Frost Data Capital to try and find it in the form of early-stage security startups. Security firms have a long track for acquiring startups for intellectual property as well as seeding the occasional spin-off. What they still struggle to do is to tap into early-stage technology in an affordable and sustainable way. Now the pair plan to incubate up to ten startups per year in the Internet of Things, big data analytics and healthcare sectors in an attempt to shorten the time it takes for these technologies to reach the market. While no investment sums have been revealed it’s an obvious tryout for an emerging ‘non-traditional’ model in which venture firms provide the entrepreneurial support and a security firm such as Symantec sanity checks the security technologies and engineering […]


[ISN] Credit Card Breach at a Zoo Near You

http://krebsonsecurity.com/2015/07/credit-card-breach-at-a-zoo-near-you/ By Brian Krebs Krebs on Security July 9, 2015 Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems. Several banking industry sources told KrebsOnSecurity they have detected a pattern of fraud on cards that were all used at zoo gift shops operated by Denver-based SSA. On Wednesday morning, CBS Detroit moved a story citing zoo officials there saying the SSA was investigating a breach involving point-of-sale malware. Contacted about the findings, SSA confirmed that it was the victim of a data security breach. “The violation occurred in the point of sale systems located in the gift shops of several of our clients,” the company said in a written statement. “This means that if a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised.” […]


[ISN] Meet the hackers who break into Microsoft and Apple to steal insider info

http://arstechnica.com/security/2015/07/meet-the-hackers-who-break-into-microsoft-and-apple-to-steal-insider-info/ By Dan Goodin Ars Technica July 8, 2015 In February 2013, Twitter detected a hack attack in progress on its corporate network. “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” a Twitter official wrote when disclosing the intrusion. Sure enough, similar attacks were visited on Facebook, Apple, and Microsoft in the coming weeks. In all four cases, company employees were exposed to a zero-day Java exploit as they viewed a website for iOS developers. Now, security researchers have uncovered dozens of other companies hit by the same attackers. Alternately known as Morpho and Wild Neutron, the group has been active since at least 2011, penetrating companies in the technology, pharmaceutical, investment, and healthcare industries, as well as law firms and firms involved in corporate mergers and acquisitions. The developers of the underlying surveillance malware have thoroughly documented their code with fluent English, and command and control servers are operated with almost flawless operational security. The take-away: the threat actors are likely an espionage group in a position to profit on insider information. “Morpho is a skilled, persistent, and effective attack group which has been active since at least March 2012,” researchers from security firm Symantec wrote in a report published Wednesday. “They are well resourced, using at least one or possibly two zero-day exploits. Their motivation is very likely to be financial gain and given that they have been active for at least three years, they must be successful at monetizing their operation.” […]