If you are here, Thank you for wanting to learn about most recent Industry Cyber Security Oops!

Industry Security Vulnerabilities:

Incidents to draw our lessons to secure our Infrastructure, Applications & Users! http://www.foxbusiness.com/features/2017/09/22/cyber-hack-hall-shame.html

Public Companies, Clouds & Service Provider Vulnerabilities:

Mt Goh 2011: https://en.wikipedia.org/wiki/Mt._Gox

PLaystation Hack: https://www.extremetech.com/gaming/84218-how-the-playstation-network-was-hacked

Linked in 2012: https://en.wikipedia.org/wiki/2012_LinkedIn_hack (passwords were stolen)

Yahoo hacks (2012 to 2017): 2012: Yahoo Voices - poor infra, 2013 Mail: Phishing - account hijacking, 2014 Mail: Password breach, 2016: Server hack giving away personal info, 2016: forged cookies to gain access to user accounts without needing password.

Neiman Markus Hack 2014: http://abcnews.go.com/Business/hackers-steal-credit-card-data-neiman-marcus-customers/story?id=21499430

https://www.sans.org/reading-room/whitepapers/breaches/case-study-home-depot-data-breach-36367

Device Vulnerabilities:

With the rise of all-seeing and all-knowing tech, security is no longer achieved by simply placing a strip of tape over your laptop camera. In the case of Amazon Echoes and Google Homes, it’s not feasible to upturn a Dutch oven over your Alexa every time you want privacy, nor would you want to. With Google’s execution of the headphone jack, following Apple’s footsteps, wireless audio protocol will doubtless explode, and with it countless more stress points ripe for abuse. Here are a couple of examples to learn from:

https://finance.yahoo.com/news/googles-home-recording-scandal-makes-case-early-adopter-203620207.html

https://www.engadget.com/2017/03/07/amazon-hands-over-alexa-data-after-murder-suspect-gives-the-okay/

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

https://www.huffingtonpost.com/healthline-/parental-warning-your-bab_b_11668882.html

Spectre & Meltdown: https://meltdownattack.com && https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html.

Foreshadow: The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third party clouds. Great information available at https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability). Mitigation is through software patches at the moment but these patches bring with them a severe decrease in compute power. Real fix is expected to be next generation of Intel chips. To figure out the steps to protect your PC - please see https://www.howtogeek.com/362797/how-to-protect-your-pc-from-the-intel-foreshadow-flaws/. Pls Note that only PCs with Intel chips are vulnerable to Foreshadow in the first place. AMD chips aren’t vulnerable to this flaw. Most Windows PCs only need operating system updates to protect themselves from Foreshadow, according to Microsoft’s official security advisory. Just run Windows Update to install the latest patches. Microsoft says it hasn’t noticed any performance loss from installing these patches. Some PCs may also need new Intel microcode to protect themselves. Intel says these are the same microcode updates that were released earlier this year. You can get new firmware, if it’s available for your PC, by installing the latest UEFI or BIOS updates from your PC or motherboard manufacturer. You can also install microcode updates directly from Microsoft.

Cisco Smart Install Client Vulnerability: https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html. Implication of this issue: https://www.bankinfosecurity.com/200000-cisco-network-switches-reportedly-hacked-a-10788

Cisco ASA Issue: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/

Vulnerability Scan Inputs reported as part of US Govt certs: https://www.us-cert.gov/ncas/bulletins/SB18-092

2018 BGP Hijacking cases: Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency (almost 1,300 addresses for Amazon Route 53 rerouted for two hours). More on https://www.noction.com/blog/bgp-hijacking. A comprehensive BGP hijack scenarios to be protected against are also available at https://www.slideshare.net/apnic/learning-from-recent-major-bgp-routing-leaks

2016 US election hacks have been enabled by sphear

POLICY recommendations to Implement: Mutually Agreed Norms for Routing Security: Learn more about MANRS here. Implement the four actions for network operators and join the community of security-minded operators working together to make the Internet safer for everyone.


Data & Password Vulnerabilities:

Here are a few examples:

User Application Vulnerabilities:

Hackers are constantly looking for ways to scan and attack vulnerable users. Here are a few examples:

To find ways to avoid these "oops" in your IT, pls contact our Sarsu Team: info@sarsu.org