Daily briefing. February 21, 2019.
CyberWire – Social media posed enough operational security problems for Russian forces operating against Ukraine that the Russian Army cracked down on their soldiers’ online presence. It’s a general problem: a NATO red team reports that military personnel put enough personal information online to render them vulnerable to influence and social engineering. Troops also discuss matters better left undiscussed.
Protecting your ATMs, Part I: ‘You don’t have to run faster than the bear’
ATM Marketplace – “You don’t have to run faster than the bear. You just have to run faster than the other guy running from the bear.” It’s possibly not the most empathetic way to look at ATM industry security, but it is certainly realistic, pragmatic and smart. Because try as they might, ATM deployers will never outrun the bear — the bear in this case being criminals looking for easy money.
Renowned Architecture and Threat Modeling Visionary Brook S.E. Schoenfield Joins IOActive World-Class Advisory Practice
Industry Programmatic Security Expert Will Advise IOActive’s Global 1000 Clients with Strategic Security Programs Seattle, Wash., February 20, 2019 — IOActive, Inc., the worldwide leader in research-driven security services, today announced that Brook S.E. Schoenfield has joined the company’s Advisory Services team, bringing more than three decades of development and security expertise to the team. In his role as Advisory Services Director at IOActive, Schoenfield is focused on leveraging threat modeling and building robust software security programs for IOActive’s Global 1000 customers. “Brook’s thorough understanding of cyber risks and the…
The Cybersecurity Shift: The Best Defense Is a Good Offense
Channel Futures – The U.S. federal government depends on the private sector to help protect critical infrastructure. That’s no small feat for utilities and companies to accomplish, given the increasing frequency, intensity and variations of attacks from nation states and bad actors. With frustrations running high, the idea of retaliating or attacking pre-emptively inevitably comes to mind. But the idea was tabled in the past due to several restrictive circumstances ranging from legal liabilities to technical difficulties. Now the battlefront is changing again, and so is the technology in the…
Software Alone Can’t Fix Spectre-Class Flaws
Decipher – Over the past year, chip makers, operating system vendors, and browser makers have released multiple software updates addressing the two broad classes of flaws—Meltdown and Spectre—which attackers can abuse to access protected areas of a processor’s memory. It is becoming more apparent that side channel attacks affect all microprocessors with the speculative execution feature (which is most of them!), making them more widespread than was originally believed.