Services PIP America protects the value in your organization by managing operational risk in the cyber era
About Us Our unique partnership of top-tier consultants and U.S. military leaders aims to secure and grow American critical infrastructure, private enterprise and government Find out more about our team
Leadership Team Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Leadership Team
HighlightedPIPers Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Team
Contact Us Thank you for your interest. Get in touch with your questions or feedback Contact us to find out how we can help you
by Dawn Dunkerley Contributing Editor Honda Shuts Down Factories After Cyberattack – Popular Mechanics Based on samples posted online, cybersecurity researchers at MalwareBytes believe the attack fits into a family of file-encrypting ransomware variously referred to as Snake or Ekans.While cybersecurity researchers say a ransomware attack is most likely to blame, it’s unclear whether the attack targeted information technology systems or industrial control systems themselves. READ MORE Honda Ransomware Confirms Findings of Industrial Honeypot Research- SecurityWeek This year the researchers “identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, and lateral movement across the victim’s network to compromise as many endpoints as possible.” Combined, the research indicates that cybercriminals are increasingly targeting critical infrastructure companies with increasingly dangerous attacks.An analysis of a honeypot-captured attack demonstrates the three basic stages of intrusion, persistence and lateral movement, and simultaneous detonation on as many systems as possible. READ MORE Editor’s Note: Including two stories for the price of one here to reiterate the fact that attackers are increasingly – and successfully – targeting industrial companies with malware meant to halt operations. I am sure most of these companies “assumed” their networks were segmented to prevent an impact to their operational systems, and the worst way to find out you were mistaken is after business grinds to a stop. There is a practical path to vastly improving your chances against ransomware, but it’s neither a shiny tool nor insurance. Misconfigured Databases Targeted Hours After Deployment- Dark Reading Misconfigured Databases Targeted Hours After Deployment researchers left a poorly configured database open on the Internet to learn who would connect to it and what they would steal.Cybersecurity expert Bob Diachenko, who led the Comparitech research team in this project, says an uptick in Elasticsearch attacks led them to pursue it. Editor’s Note: A really cool project here. For those who aren’t “geeks”, a honeypot is designed to entice attackers in order to learn about their tactics, techniques, and procedures in a simulated, but very realistic environment. What this particular honeypot learned is that a misconfigured database that was Internet-connected began receiving attacks approximately 8.5 hours after it was put in place. That’s only one business day to a potential disaster, as these attacks can steal the data from the database or be used to move further into your network. READ MORE When Your Biggest Security and Privacy Threats Come From the Ones You Love- Dark Reading Written by Karen Levy, a lawyer and sociologist, and information security luminary Bruce Schneier, the paper examines how the dynamics of different intimate relationships break the security model in a lot of systems.The use of technology in intimate relationships can quickly turn dark with very little recourse from the victim Editor’s Note: A sobering reminder that many online authentication methods that ask questions such as hometown, mother’s maiden name, or first car assume that only you know that information. That doesn’t take into account current and former intimate relationships that likely know those answers as well. Another great example of why strong, unique passwords stored in a password manager never goes out of style. READ MORE Microsoft squishes 129 bugs with Patch Tuesday updates- Naked Security Patch Tuesday was this week and software giant Microsoft released patches to fix 129 CVEs, 11 of which are rated critical. Editor’s Note: Ah yes, just what we all needed: Microsoft’s largest Patch Tuesday ever. Some pretty gnarly vulnerabilities here, so stop hitting that “ignore” button and patch your systems! READ MORE Babylon Health app leaked patients’ video consultations- Graham Cluley Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a “software error” resulted in some users being able to access other patients’ private video chats with GPs. Editor’s Note: COVID-19 has spurred the rise of teleconsultations and app-based solutions. I believe this is the wave of the future, and we’ll see more of these growing pains, just as we did here in the U.S. when medical records became digital. Couple this with the above article discussing former intimate partner violations of digital security and privacy, and your Editor reaches for the headache medicine. READ MORE Crooks hijack “Black Lives Matter” to spread zombie malware- Naked Security, Sophos Sophos Home protects every Mac and PC in your home. Editor’s Note: I would be remiss not to address the attacks attaching themselves to the Black Lives Matter movement. Just as with COVID-19, there is nothing off-limits to cyber attackers. Even with such a vital and urgent subject, follow phishing protocols and assume that if you didn’t solicit it, you shouldn’t click it. READ MORE Leave a Reply Cancel reply Your email address will not be published. Required fields are marked *Comment Name * Email * Website
