[ISN] The marriage between DevOps & SecOps

http://www.idgconnect.com/blog-abstract/9656/the-marriage-devops-secops

By IDG Connect
March 24 2015

This is a contributed article by Tim Prendergast, Founder & CEO of Evident.io

The rise of cloud computing brings many exciting changes to the technology industry: elastic scalability of resources, commodity pricing, freedom to experiment, and a newfound love for agile philosophies. Thankfully, the cloud is leaving behind the constraints and practices of the legacy security industry. Here lies an exciting opportunity: with the rise of DevSecOps, we get to truly redefine how operations, engineering, and security can be brought together in harmony to achieve unparalleled success.

In the past, organizations kept the domains of engineering, operations, and security separate for scalability and accountability reasons. Preventing engineering and operations from intermixing guaranteed that production environments were held to a higher standard of reliability, resiliency and consistency than that of engineering environments like those used for development and testing.

However, in the last few years, the evolution of DevOps philosophies has really taken the industry by storm. DevOps is not exactly new





[ISN] Stealing Data From Computers Using Heat

http://www.wired.com/2015/03/stealing-data-computers-using-heat/

By Kim Zetter
Security
Wired.com
03.23.15

AIR-GAPPED SYSTEMS, WHICH are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data. To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer.

But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique.

In a video demonstration produced by the researchers, they show how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a missile-launch toy the air-gapped system controlled.

[…]



[ISN] A million hacks a day, but Israel’s electric grid survives

http://www.timesofisrael.com/a-million-hacks-a-day-but-israels-electric-grid-survives/

By David Shamah
Times of Israel
March 24, 2015

That Israel is a favorite target of hackers is common knowledge – but the sheer number and sophisticated level of those attacks is not as well known, according to the Israel Electric Corporation.

On the eve of the annual CyberTech conference in Tel Aviv Monday, IEC chairman Yiftah Ron-Tal said that during last summer’s Operation Protective Edge, the company’s servers and infrastructure were attacked nearly a million times – a day.

“If we compare the number of cyber-attacks in the war to the relative number of missiles fired by Hamas, Israel’s electric grid was hit by two ‘cyber-missiles’ a day throughout 2013. In 2014, that would have been 15 a day,” said Ron-Tal, adding that, with all due respect to a missile that could destroy a single target, a “direct hit” on the electrical grid would have brought the entire country to its knees.

Preventing those kinds of attacks is a major motivator for Israel to develop the world’s best cyber-security technology, said Dr. Eviatar Matania, chairman of Israel’s National Cyber Bureau.

[…]



[ISN] Key Takeaways From the Premera Data Breach

http://healthitsecurity.com/2015/03/23/key-takeaways-from-the-premera-data-breach/

By Elizabeth Snell
Health IT Security
March 23, 2015

Last week, the Premera data breach announcement further pushed the data security of healthcare organizations into the limelight. The health insurer stated that approximately 11 million members’ sensitive information, including PHI, was potentially exposed after a “sophisticated cyber attack” infiltrated its system.

Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. are all potentially affected, with applicants’ and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers put at risk. Moreover, member identification numbers, bank account information, and claims information, including clinical information, were all potentially exposed.

Incidents like this are likely to cause healthcare leaders to review their incident response procedures, according to Dan Bowden, Chief Information Security Officer for the University of Utah, University of Utah Health System. Many organizations are already working on their malware defense capabilities, Bowden said, but the two large scale breaches over the last couple of months further underline the importance of incident response.

“There is no absolute to tell your consumers that there is no possible way their data will not get breached,” Bowden said. “We have people come to work every day trying to do the right thing and people make mistakes.”

For example, an employee could open an email that lets malware into the healthcare’s system.

[…]

