If you are here, Thank you for wanting to learn about most recent Industry Cyber Security Oops!
Public Companies, Clouds & Service Provider Vulnerabilities:
Mt Goh 2011: https://en.wikipedia.org/wiki/Mt._Gox
Linked in 2012: https://en.wikipedia.org/wiki/2012_LinkedIn_hack (passwords were stolen)
Yahoo hacks (2012 to 2017): 2012: Yahoo Voices - poor infra, 2013 Mail: Phishing - account hijacking, 2014 Mail: Password breach, 2016: Server hack giving away personal info, 2016: forged cookies to gain access to user accounts without needing password.
Neiman Markus Hack 2014: http://abcnews.go.com/Business/hackers-steal-credit-card-data-neiman-marcus-customers/story?id=21499430
With the rise of all-seeing and all-knowing tech, security is no longer achieved by simply placing a strip of tape over your laptop camera. In the case of Amazon Echoes and Google Homes, it’s not feasible to upturn a Dutch oven over your Alexa every time you want privacy, nor would you want to. With Google’s execution of the headphone jack, following Apple’s footsteps, wireless audio protocol will doubtless explode, and with it countless more stress points ripe for abuse. Here are a couple of examples to learn from:
Foreshadow: The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third party clouds. Great information available at https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability). Mitigation is through software patches at the moment but these patches bring with them a severe decrease in compute power. Real fix is expected to be next generation of Intel chips. To figure out the steps to protect your PC - please see https://www.howtogeek.com/362797/how-to-protect-your-pc-from-the-intel-foreshadow-flaws/. Pls Note that only PCs with Intel chips are vulnerable to Foreshadow in the first place. AMD chips aren’t vulnerable to this flaw. Most Windows PCs only need operating system updates to protect themselves from Foreshadow, according to Microsoft’s official security advisory. Just run Windows Update to install the latest patches. Microsoft says it hasn’t noticed any performance loss from installing these patches. Some PCs may also need new Intel microcode to protect themselves. Intel says these are the same microcode updates that were released earlier this year. You can get new firmware, if it’s available for your PC, by installing the latest UEFI or BIOS updates from your PC or motherboard manufacturer. You can also install microcode updates directly from Microsoft.
Cisco Smart Install Client Vulnerability: https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html. Implication of this issue: https://www.bankinfosecurity.com/200000-cisco-network-switches-reportedly-hacked-a-10788
Cisco ASA Issue: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/
Vulnerability Scan Inputs reported as part of US Govt certs: https://www.us-cert.gov/ncas/bulletins/SB18-092
2018 BGP Hijacking cases: Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency (almost 1,300 addresses for Amazon Route 53 rerouted for two hours). More on https://www.noction.com/blog/bgp-hijacking. A comprehensive BGP hijack scenarios to be protected against are also available at https://www.slideshare.net/apnic/learning-from-recent-major-bgp-routing-leaks
2016 US election hacks have been enabled by sphear
POLICY recommendations to Implement: Mutually Agreed Norms for Routing Security: Learn more about MANRS here. Implement the four actions for network operators and join the community of security-minded operators working together to make the Internet safer for everyone.
Data & Password Vulnerabilities:
Here are a few examples:
- Equifax Breach: https://www.wired.com/story/equifax-breach-no-excuse/
- HBO 2017 breach: https://www.scmagazine.com/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/article/680568/
- irs 2015 breach: https://qz.com/445233/inside-the-irss-massive-data-breach/
- Ashley Madison Hack: https://en.wikipedia.org/wiki/Ashley_Madison_data_breach
- Sony Pictures Hack: https://en.wikipedia.org/wiki/Sony_Pictures_hack. One Lesson learnt: When you entrust your personal and sensitive information to someone else, what control do you have over where it goes next?https://www.huffingtonpost.com/david-m-kirby/lessons-from-the-sony-pic_b_11800356.html
- Target 2014: http://bgr.com/2014/03/13/target-data-hack-how-it-happened/. http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/
User Application Vulnerabilities:
Hackers are constantly looking for ways to scan and attack vulnerable users. Here are a few examples:
- Spear-Phishing has enabled the following malicious attacks on countries https://www.cnbc.com/2017/10/11/north-korean-hackers-target-us-electric-companies-with-malicious-emails.html, https://www.axios.com/the-details-on-how-the-russian-election-hacking-operation-1531524151-65e6fab7-e61e-43c7-93e4-42361590c4b1.html
- Ransomware attack: WannaCry ransomware attack infected hundreds of thousands of computers worldwide and crippled parts of Britain’s National Health Service.