Tag Archives: Repeat

DHS warns of power grid cyberattacks


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss a new warning from the Department of Homeland Security regarding Russian hackers targeting the U.S. power grid.

The Department of Homeland Security has renewed its concerns over potential power grid cyberattacks.

DHS officials held a briefing this week to discuss the threat of Russian hackers targeting utility companies and industrial control systems in an apparent effort to compromise and potentially cripple U.S. critical infrastructure, according to a report from The Wall Street Journal. The report also claimed the hackers, who were linked to the Russian threat group Dragonfly, last year gained access to the control rooms of U.S. electric companies during an extensive hacking campaign.

While the government has issued warnings about active threats to ICS and critical infrastructure before, the DHS briefing marks the first time the agency has publicly discussed the extent of the power grid cyberattacks. Government officials said the Dragonfly campaign is likely continuing.

What effect will DHS’ briefing have on critical infrastructure security? Is the government’s assessment of the ICS threats accurate? Why did DHS decide to make this information public now? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Closing the gender gap at cybersecurity conferences


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry.

This week’s Risk & Repeat podcast looks at the lack of women at cybersecurity conferences and explores what can be done to improve those numbers, as well as to increase diversity as a whole in the infosec industry.

Earlier this year, RSA Conference came under fire for having just one woman keynote speaker among nearly two dozen keynote spots. The criticism led members of the infosec community to form a new event, dubbed Our Security Advocates, or OuRSA. And while cybersecurity conferences such as Black Hat 2018 will prominently feature women infosec professionals as keynote speakers, there is still a significant gender gap at cybersecurity conferences.

Why aren’t more women speaking at industry events? How can organizations increase the number of women attending and participating in these events? Is the lack of women at cybersecurity conferences a symptom of the larger gender gap in infosec or a contributor to it? SearchSecurity editors Rob Wright and Maddie Bacon discuss those questions and more in this episode of the Risk & Repeat podcast.

U.S. government eyes offensive cyberattacks


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries.

The prospect of the U.S. government using offensive cyberattacks against foreign adversaries appears to be gaining steam.

According to the New York Times, the Pentagon approved a policy that empowers the U.S. Cyber Command to initiate constant offensive cyberattacks designed to disrupt foreign networks. The Times report details a vision statement from military leadership that calls for cyber activities that are “short of war” to retaliate against hacking campaigns from adversarial nation states. The Pentagon’s new strategy for the U.S. Cyber Command, which has traditionally led the nation’s cyber defensive efforts, comes in the wake of many recent high-profile cyberattacks attributed to the governments of Russia, North Korea and Iran.

The concept of “hacking back” against cyber adversaries has gained momentum in both the private sector as well as the government. Some cybersecurity experts, however, have warned that the risks and unintended consequences of offensive cyberattacks can put private enterprises in the crosshairs of nation-state hackers.

What are the implications of the U.S. Cyber Command turning its attention to offensive hacking? What activities would be considered short of cyberwarfare? Could the Pentagon’s policy lead to an escalation of cyberattacks? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

More trouble for federal cybersecurity


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent federal cybersecurity report, which found the majority of agencies have significant security gaps.

The latest government report on the state of federal cybersecurity brought more bad news for Washington, D.C.

The Federal Cybersecurity Risk Determination Report and Action Plan, which was commissioned by the Office of Management and Budget and the Department of Homeland Security, found the vast majority of government agencies have significant gaps in their security postures. Specifically, the report found that 59 of 96 agencies are considered to be at risk, while 12 agencies are at high risk.

Key issues, according to the report, included ineffective and outdated identity and access management processes, a lack of communication between security operations centers, and a lack of accountability for agency leadership. The report also found that just 16% of agencies have deployed encryption for data at rest.

How serious are the federal cybersecurity report’s findings? What steps should be taken to improve the situation? What are the primary causes of the poor state of security in Washington? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Breaking down the Efail flaws


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/MIME client software, as well as the rocky disclosure process for the flaws.

The unveiling of the Efail flaws in encryption client software led to spirited debates about the rocky disclosure of the vulnerabilities and who, ultimately, was responsible for them.

The vulnerabilities, which were discovered by a team of academic researchers in Germany and Belgium, affect some client software that implements two popular email encryption protocols, Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME). The Efail flaws could allow threat actors to obtain the plaintext of messages encrypted with the affected client software.

The researchers’ technical paper pointed to faulty email clients rather than the protocols themselves, which sparked a debate about who was responsible for the Efail flaws. While some infosec experts argued the developers were on the hook, others such as Matthew Green, professor at Johns Hopkins University’s Information Security Institute, criticized organizations like GnuPG for not taking a more active role in addressing the problem. Additionally, a broken embargo for the branded vulnerabilities led to questions and concerns about coordinated disclosure processes.

Was there an overreaction to Efail? Who takes the majority of the blame for these vulnerabilities? Did the Efail disclosure actually fail? SearchSecurity editors Rob Wright and Peter Loshin discuss these questions and more in this episode of the Risk & Repeat podcast.

For Sale – Custom Watercooled High-end Gaming/Workhorse Rig

PLEASE READ!!!! HEAVILY CUSTOMISED and HEAVY!

I don’t want to repeat myself if this thread gets a bit full and folk try their luck to get cheap parts.

I feel that this could be the right time to sell and get some money while I can. Some of the parts in this PC are not very old and will have dates and warranty next to the components. All components, new and old, are still under warranty for at least another year. I have 95% of all boxes for the components and invoices from various online retailers (invoices for everything).

The build started in September 2015 and finished in November 2015, and had a paint job (heat-resistant paint) in August/September 2016. The paint is on the front and back panels of the 900D and the grill covers (sides), which were stripped to prep and paint; I can also provide photos of the prep and painting. It also has custom lighting at the front and inside, controlled by an Aqua Computer Bluetooth Farbwerk and connected to the Aqua Computer Aquaero 6 XT with remote. The case is also custom, with midshelf and motherboard tray plates made by Coldzero so the bare case metal is not visible. Drain port on the bottom at the back of the rad; I can add one at the top also and have the tap.

The hard drive cage has been custom fitted to also accommodate pulling the system out from the front by taking off the covers and filter. Easy peasy.

COMPONENTS

Prices are if I split and for the rules, and give an indication of value.

Will split after Xmas.

Corsair 900D custom (will include all custom plates costing in the region of £150 and more) £250. Bought 8/15 (no warranty due to painting)
Motherboard / MSI Godlike £235. Bought 8/15 (1 yr remaining)
PSU EVGA 1600 P2 £225. Bought 9/15 (over 8 years remain). Registered.
Intel i7 5960x (J batch) £525. Bought 2016 (18 months left), check with serial
Bitspower full cover motherboard block £75. Bought 2105 (not sure on warranty as it was a special order import)
Avexir Blitz 1.1 32GB RED (4x8GB) DDR4 3000 £150. Bought 09/2016, lifetime warranty
Avexir Blitz 1.1 16GB RED (4x4GB) DDR4 3000 £100. Bought 10/15, lifetime warranty
EK-XTOP Revo Dual D5 PWM (incl. 2x pump) £100. Bought 10/16, not sure as it was replaced.

EVGA 1080ti SC black £650 / with waterblock £725. Bought 7/17, with extended EVGA 5 yr warranty

Phobya G-Changer 480 V.2 – Full Copper £50. Bought 10/15

EK Water Blocks EK-CoolStream PE 480 (Quad) £40. Bought 9/15

Samsung M.2 960 EVO 500GB £175. Bought 8/17, still has near full warranty.

Multiple EK & Bitspower watercooling fittings and drain ports, too many to list unless the PC sells as a split. £150

The PC is fan controlled by motherboard CPU temps.

This system is overclocked to 4.5GHz @ 1.19 volts, completely stable, and has been since building it. It can go to 5GHz easily on 1.22v for benching, as the chip is a J batch and is an amazing CPU. Temps never go above 58C on ultra gaming in 4K, and the GPU is on the same loop.

The pump can be split into two pumps with an extra adapter due to it being a dual pump.
This PC is very, very, very heavy. I have lots and lots of spare parts and fluids for the water aspect of the system, and I can drain or include these with the system. If I had to guess, the PC is about 100KG or heavier, easily.

I can drain the current fluid, clean, and put any colour in for the buyer at the buyer’s cost of around £15.

Price and currency: £3000
Delivery: Delivery cost is not included
Payment method: Cash / Bank Transfer
Location: Dumfries
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected


The Bitcoin boom and its infosec effects


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency’s rising value could affect the cybersecurity landscape.

The bitcoin boom that saw a dramatic rise in the cryptocurrency’s value in recent weeks could have big implications for information security.

In the last month, the price of a single bitcoin tripled, jumping from approximately $5,700 to more than $17,000. A number of factors, including interest in the opening of the first regulated bitcoin futures exchanges and a hard fork in the cryptocurrency, could be contributing to the bitcoin boom beyond a general increase in buying and selling volumes.

But the surge also comes at a time of rampant global ransomware attacks, many of which demand payment from victims in bitcoin. While some enterprises have disclosed ransomware attacks, experts generally believe that many more attacks are kept quiet.

Could cybercriminals and ransomware attacks be contributing to the bitcoin boom? What will the rising price of the cryptocurrency mean for the cybercrime economy? Will the high value of bitcoin lead to more cyberattacks on bitcoin owners and exchanges, like NiceHash, which recently lost approximately $80 million in bitcoin following a massive data breach?

SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the bitcoin boom in this episode of the Risk & Repeat podcast.

Analyzing the accidental data breach


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.

Data breaches are so common these days that some of them don’t even include threat actors or malware of any kind.

Troy Hunt, security researcher and creator of the website HaveIbeenpwned.com, recently testified before Congress in a hearing titled “Identity Verification in a Post-Breach World,” in which he discussed how organizations are often committing accidental data breaches. Such incidents typically involve enterprises mistakenly making corporate or user data public on the internet through cloud services, web services and other technologies.

Hunt’s testimony comes on the heels of a number of accidental data breaches via Amazon Web Services (AWS); several organizations, including the NSA and U.S. Army, have exposed sensitive data through misconfigured instances of AWS’ Simple Storage Service. More recently, Kromtech Security Center revealed that mobile app developer Ai.type exposed more than 370 million personal records of users, including, in some cases, users’ contact lists, through a misconfigured MongoDB database.

During the congressional hearing last week, Rep. Morgan Griffith (R-Va.) asked Hunt why these accidental breaches keep happening. “Is it really that easy to accidentally share your cloud services with the world?” Griffith asked.

“The simple answer to the last question is, yes, it is that easy,” Hunt said. “It’s very often just a simple misconfiguration.”

Why are enterprises committing so many accidental breaches? Do these incidents reflect a lack of security competency? Should cloud providers and software developers do more to protect customers from making these types of errors? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Sale of Symantec Website Security completed


In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec’s troubled certificate business.

DigiCert Inc.’s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec’s SSL certificates.

DigiCert agreed to acquire the Symantec Website Security division, which includes the vendor’s public key infrastructure (PKI) business, in August, following months of negotiations between Symantec and web browser giants Google and Mozilla regarding widespread issues with the security vendor’s certificate authority. Those issues included certificate mis-issuance and a lack of proper auditing, which led Google and Mozilla to propose a removal of trust for certificates issued by Symantec Website Security.

After tense negotiations and delays, Symantec ultimately agreed to a remediation plan that would turn over its SSL certificate operations to another trusted certificate authority that would oversee issuance and validation. Instead of choosing a third-party partner, Symantec agreed to sell its PKI business to DigiCert.

However, Mozilla expressed concerns that Symantec’s old PKI operations, as well as its culture and processes, would continue to operate despite DigiCert assuming ownership of the business — DigiCert has said that all Symantec certificates will be issued and validated by DigiCert’s PKI by Dec. 1.

Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved. SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

One billion downloads of Skype for Android—thank you! | Skype Blogs

Today, Skype reached one billion downloads on the Google Play Store. Let’s repeat that:

One billion downloads!

Over the years, it’s been our mission to connect people—from wherever, whenever. Together, we’ve sent billions of messages, calls, and happy face emoticons—probably some sad ones, too. It’s sharing these special moments that make Skype one of a kind, and we’re so thankful that you’ve been with us along the way.

But just because we’ve reached this milestone doesn’t mean we’re going to stop.

We’ll continue to roll out creative new features and find ways to improve existing ones based on your feedback. And most important of all, we’ll continue to be your app for staying connected with the ones you care about most, every day.

So, thank you—a billion times over—for using Skype. We wouldn’t be here without you.


And as always, make sure you download the latest Skype now to see all the newest features and share your feedback with us in our Community!