Manager of Information Security Risk Analysis
University of Bridgeport Scribe (subscription)
Prestigious Organization is seeking a Global Information Security Manager Risk Analyst will work with peers in global information security (GIS) and across the Technology Division to ensure that InfoSec risks are properly identified, assessed ...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

There are quite a few predictions out there for 2016, obviously some appear more interesting than others. I picked three that I could have an impact on what we do:

1- Cybersecurity Skill Shortage

I dont think this one is really that new since it has been on the radar for some time now. Depending who you ask and where you live, most predictions estimate up to several hundred of thousand positions will remain unfilled by the end of 2016.

2- Growing Number of Devices on the Internet

According to Gartner [1], they predict there will be up to 6.8 billion device in use in 2016 a whopping 30% increase from last year. That is a lot of devices to support, maintain and protect. This might have the biggest impact for those of us working in cybersecurity. Do you see your workload increase this year?

3- Cybercrime continue to Thrive

With traditional network, you have control of both the entry and exit point of the network, however, when the data move into the cloud, this type of control is lost. As more data move to the cloud, the task to protect and control the data based on organization boundaries is no longer possible. What could be worst, cyber criminals use the resources you pay for to attack other organization (i.e. looks like the attack comes from your organization). According to a McAfee, More than 70% think cybersecurity threats to their organization are escalating.[2]

What are you the most concerned with this coming year?

[1] http://www.gartner.com/newsroom/id/3165317
[2] http://www.mcafee.com/ca/resources/reports/rp-threats-predictions-2016.pdf

Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(credit: Comcast)

A security vendor says it discovered a flaw in Comcast's home security system that could let criminals break into houses undetected by using radio jamming equipment. The vendor, Rapid7, says it alerted Comcast to the problem two months ago but never received a response from the company. However, Comcast told Ars that Rapid7 e-mailed the wrong address.

Though primarily known for its cable TV and broadband Internet services, Comcast also sells Xfinity-branded home security systems. Rapid7 found the flaw in Comcast's implementation of the ZigBee wireless protocol. Attackers armed with commodity radio-jamming equipment can "cause interference or deauthentication of the underlying ZigBee-based communications protocol," Rapid7 said. When this happens, sensors that detect motion or open doors and windows are unable to communicate with a base station hub in the home that controls the alarm system.

Rapid7 published details of the flaw in an advisory today, in accordance with its policy of giving companies at least 60 days to respond before making a security problem public. That's a pretty standard timeline used by other companies and security research organizations—though it seems Rapid7's attempt to contact Comcast went awry.

Read 15 remaining paragraphs | Comments


Sign up to extort hapless Windows users over Tor for mere Bitcoins a month! (credit: http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/)

Malware researchers at the anti-virus company Emisoft have uncovered a new "ransomware" package that encrypts the files of victims and demands payment to restore them. Dubbed Ransom32, the malicious code is different from CryptoWall and many other previous ransomware variants in two key ways: it was coded using JavaScript, and it’s being offered to would-be cybercriminals as a paid service.

In a blog post, Emisoft Chief Technology Officer Fabian Wosar described the malware and its Tor-based administrative Web interface. Users of the service log in with their Bitcoin wallet addresses; once they're connected, they can configure features of the malware "client" for the service such as the messages displayed to victims during the malware installation and how much to demand in ransom for encryption keys. They can also track the payments already made and how many systems have become infected.

The malware itself is based on NW.js, a framework based on Node.js that allows developers to write Windows applications in JavaScript. It is delivered, renamed as "chrome.exe," in a self-extracting archive along with a Tor client (renamed as "rundll32.exe") and a set of Visual Basic scripts used to display customized pop-up alert messages and perform some basic file manipulation. The malware is also packaged with a renamed version of the Optimum X Shortcut utility—software used to create and change Start menu items and desktop shortcuts. The entire payload is over 22 megabytes, which is huge in comparison to other crypto-ransomware packages.

Read 3 remaining paragraphs | Comments

Internet Storm Center Infocon Status