Tag Archives: question

[ISN] Financial sector cloud adoption on the rise despite security concerns

http://www.computerweekly.com/news/2240241763/Financial-sector-cloud-adoption-on-the-rise-despite-security-concerns
By Caroline Donnelly
ComputerWeekly.com
05 March 2015

The financial sector is slowly coming round to the idea of entrusting its apps and data to the cloud, but security remains a major stumbling block for many.

That’s one of the key findings from the Cloud Security Alliance’s (CSA’s) latest research into how cloud is being used in the financial sector, which revealed more firms are using off-premise services but on a largely ad-hoc basis.

The CipherCloud-sponsored report was compiled by CSA’s recently formed Financial Services Working Group (FSWG) and garnered responses from 102 participants – including banks, credit unions and insurance companies – across 20 countries.

Out of those questioned, 61% of organisations said they’re in the throes of hammering out their cloud strategy, with between 39% and 47% looking to use a mix of in-house IT, private, public or hybrid off-premise environments. None of the participating organisations said they plan on adopting a public cloud-only strategy.

[…]





[ISN] The Drug Cartels’ IT Guy

http://motherboard.vice.com/read/radio-silence
By Brian Anderson
motherboard.vice.com
March 3, 2015

It could have been any other morning. Felipe del Jesús Peréz García got dressed, said goodbye to his wife and kids, and drove off to work. It would be a two hour commute from their home in Monterrey, in Northeastern Mexico’s Nuevo León state, to Reynosa, in neighboring Tamaulipas state, where Felipe, an architect, would scout possible installation sites for cell phone towers for a telecommunications company before returning that evening. That was the last time anyone saw him.

Felipe’s wife, Tanya, is haunted by his disappearance. “All this time I’ve spent searching for his whereabouts,” she told me. Felipe was 26, with clear hazel eyes and a wide mouth, when he disappeared on March 19, 2013, just under two years ago.

It’s a story, or lack thereof, that’s common across Mexico. People vanish, and the vast majority of cases aren’t solved for years, if they’re ever closed at all. Tanya is just one of the bereaved in an expanding web of loved ones and friends left with more questions than answers, and a collective resolve to seek justice for los desaparecidos. They’re waiting for the phone to ring.

Only this story is, perhaps, not just another kidnapping. What happened to Felipe Peréz? One theory suggests he was abducted by a sophisticated organized crime syndicate, and then forced into a hacker brigade that builds and services the cartel’s hidden, backcountry communications infrastructure. They’re the Geek Squads to some of the biggest mafia-style organizations in the world.

That’s how Tanya sees it, at least. She looks at the rash of kidnapping cases across Mexico, many of which have taken place in Tamaulipas, targeted specifically at architects, engineers, and other information technology types, and can’t help but think Felipe was one of them.

Nearly 40 information technology specialists have disappeared in Mexico since 2008, allegedly nabbed by one of the two dominant gangs in the region, the Cartel del Golfo or Los Zetas.

[…]



[ISN] Credit Card Breach at Mandarin Oriental

http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/
By Brian Krebs
Krebs on Security
March 4, 2015

In response to questions from KrebsOnSecurity, upscale hotel chain Mandarin Oriental Hotel Group today confirmed that its hotels have been affected by a credit card breach.

Reached for comment about reports from financial industry sources about a pattern of fraudulent charges on customer cards that had all recently been used at Mandarin hotels, the company confirmed it is investigating a breach.

“We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” the company said in an emailed statement. “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.”

Mandarin isn’t saying yet how many of the company’s two-dozen or so locations worldwide may be impacted, but banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C. Sources also say the compromise likely dates back to just before Christmas 2014.

[…]



[ISN] Data Breach at Health Insurer Anthem Could Impact Millions

http://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/
By Brian Krebs
Krebs on Security
Feb 4, 2015

Anthem Inc., the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. Given the company’s size, this breach could end up impacting tens of millions of Americans.

Anthem didn’t specify how many consumer records may have been breached, but it did say all of the company’s business units are affected. The figures from Anthem’s Web site offer a glimpse at just how big this breach could be: “With nearly 69 million people served by its affiliated companies including more than 37 million enrolled in its family of health plans, Anthem is one of the nation’s leading health benefits companies.”

The company said it is conducting an extensive IT forensic investigation to determine what members are impacted. “We are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication,” Anthem said in a question and answer page released about the breach.

[…]



[ISN] CarolinaCon-11 is coming – March 20th-22nd 2015

Forwarded from: Vic Vandal

h4x0rs, InfoSec geeks, script kidz, posers, and friends,

CarolinaCon is back for its 11th year, which is also billed as “the last CarolinaCon as we know it”. For about the price of your average movie admission with popcorn and a drink ($20), YOU are invited to join us for yet another intimate and informative weekend of hacking-related education.

This year’s event will be held on the weekend of March 20th-22nd 2015 in Raleigh NC at the North Raleigh Hilton (Midtown).

The currently chosen lineup includes more presenters named Old Gregg than you’ll find at any conference anywhere, along with other esteemed individuals, such as:

– Have you ever drunk Bailey’s from a shoe? (aka Pen-Testing & Social Engineering Convergence) – Old Gregg (smrk3r)
– Cryptocurrency Laundering Theory for Fun and Retirement – Old Gregg (myddrn)
– How to design your “You got hacked” page – Old Gregg (digital shokunin)
– Electronics Engineering for Pen-Testers – Old Gregg (melvin2001)
– Phony Business – What Goes Around Comes Back Around – Unregistered & Snide
– Elevator Obscura: Industry Hacks & Answers to all Your Odd Questions About Those Magical Moving Rooms – Howard Payne & Deviant Ollam
– Rethinking the Origins of the Lock – Schuyler Towne
– RedneckSec – @th3mojo
– Cyber War Stories – Andrew Shumate
– One Step Closer to the Matrix: Machine Learning and Augmented Reality in Networking – Rob Weiss & John Eberhardt
– I live in a van and so can you – Mark Rickert, aka Matt Foley
– Drilling Deeper with Veil’s PowerTools – Justin Warner (@sixdub) & Will Schroeder (@harmj0y)
– Hacker’s Practice Ground – Lokesh Pidawekar
– Social engineering is bullsh*t, call it what it is – surpherdave
– Anatomy of Web Client Attacks – Jason Gillam
– Art of Post-infection Response and Mitigation – chill
– SPAM, Phish and Other Things Good to Eat – Joshua Schroeder / JoshInGeneral

…..and potentially 1-2 other l33t talks that we might be able to squeeze in!

Side events currently on tap include:

– Capture The Flag
– Mobile Museum of Vintage Technology
– Lockpicking Village
– Hacker Trivia
– Android Netrunner
– Pulp Fiction Canonical Drinking Game
– “Unofficial” Shootout (details at http://hackers.withguns.com/)

For those traveling to the event or who simply want to stay at the Hilton venue throughout, hotel rooms at the special CarolinaCon group rate can be reserved via this link:
http://www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20150319/index.jhtml?WT.mc_id=POG

ALERT: The special group rate is only available until February 20th, so book now if interested.

For other exciting details as they develop stay tuned to:
http://www.carolinacon.org

If you have any important questions about the event that are NOT answered in website content you can send an email to:
infocarolinacon.org

Peace,
Vic



[ISN] Dating site Topface pays hacker who stole 20 million credentials

http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/
By John E Dunn
Techworld.com
Jan 30, 2015

The ‘Mastermind’ hacker who stole 20 million user credentials from Russian dating website Topface has got an extraordinary response from his victim – an undisclosed payment for “finding” the vulnerability that led to the calamitous breach.

It’s an extraordinary turn of events that would be unthinkable in almost any other country but the site justified its decision with the argument that recovering the data would end the matter once and for all.

Recall that the hacker in question had tried to sell the stolen data on a crime forum which is where the breach was first noticed by a third party, US security outfit Easy Solutions. Without that discovery the data would probably have been sold on without the site realising that a breach had happened in the first place.

“He [Mastermind] has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database,” the firm said in a statement.

[…]



[ISN] Obama talks cybersecurity, but Federal IT system breaches increasing [Updated]

http://arstechnica.com/tech-policy/2015/01/obama-talks-cybersecurity-but-federal-it-systems-breaches-increase/
By David Kravets
Ars Technica
Jan 20, 2015

Update: This post was updated Tuesday evening to reflect comments the president made during his State of the Union address:

President Barack Obama urged Congress and the American public to embrace cyber security legislation during his State of the Union address Tuesday evening. The Cyber Intelligence Sharing and Protection Act, known as CISPA, was unveiled by Obama a week ago and is controversial because it allows companies to share cyber threat information with the Department of Homeland Security—data that might include their customers’ private information.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. So tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. That should be a bipartisan effort. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” the president said without identifying his CISPA proposal and others by name.

New research out earlier Tuesday from George Mason University, however, calls into question how effective Obama’s proposal would be. That’s because the federal government’s IT professionals as a whole have “a poor track record in maintaining good cybersecurity and information-sharing practices.” What’s more, the federal bureaucracy “systematically” fails to meet its own federal cybersecurity standards despite billions of dollars in funding.

According to a paper by Eli Dourado, a George Mason research fellow, and Andrea Castillo, manager of the university’s Technology Policy Program:

[…]



[ISN] Why I Hope Congress Never Watches Blackhat

http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/
By Kevin Poulsen
Threat Level
Wired.com
01.16.15

What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann’s Blackhat, a crime thriller that I had the good fortune to work on as a “hacker adviser” (my actual screen credit). Today, all I’m thinking is, please, God, don’t let anybody in Congress see the film.

I’ll explain my anxiety in a minute. First, the movie: Mann, the legendary director of hardboiled crime films like Heat, Collateral, and Miami Vice, always has been a stickler for authenticity, and he brought me into Blackhat as an adviser early on, before it had a title or a lead actor.

If you’re wondering how one gets involved in a Michael Mann film, here’s how it works: Mann calls you on the phone. You think, “Why is Michael Mann calling me?” After a phone conversation and an interview in Los Angeles, you’re officially invited on board as a consultant. It turned out Blackhat’s screenwriter had read my cybercrime book Kingpin, and he’d suggested me to Mann.

When I showed up for my first consulting meeting, I expected to find a roomful of people crowded around a long conference table. Instead, it was just me and Mann, sitting in his office for five hours at a time. He had questions about malware, hacking, how modern computer intrusions play out. For subsequent meetings, I was given the current iteration of the screenplay (watermarked with my name, lest I leak it to the Pirate Bay), and we went over it line by line, looking at dialogue, discussing tweaks to the hacking and forensics scenes, and working on some of the procedural elements in the plot.

Later, Mann brought in a second computer consultant, OkCupid hacker Chris McKinley, to write code for the movie and train leading man Chris Hemsworth in Linux basics, making Hemsworth officially the best-looking human to ever use a command line.

[…]

