Information Security News
Manager of Information Security Risk Analysis
University of Bridgeport Scribe (subscription)
Prestigious Organization is seeking a Global Information Security Manager Risk Analyst will work with peers in global information security (GIS) and across the Technology Division to ensure that InfoSec risks are properly identified, assessed ...
There are quite a few predictions out there for 2016; obviously, some appear more interesting than others. I picked three that could have an impact on what we do:
1- Cybersecurity Skill Shortage
I don't think this one is really that new, since it has been on the radar for some time now. Depending on who you ask and where you live, most predictions estimate that up to several hundred thousand positions will remain unfilled by the end of 2016.
2- Growing Number of Devices on the Internet
Gartner predicts there will be up to 6.8 billion devices in use in 2016, a whopping 30% increase from last year. That is a lot of devices to support, maintain and protect. This might have the biggest impact for those of us working in cybersecurity. Do you see your workload increasing this year?
3- Cybercrime Continues to Thrive
With a traditional network, you have control of both the entry and exit points of the network; however, when the data moves into the cloud, this type of control is lost. As more data moves to the cloud, protecting and controlling the data based on organizational boundaries is no longer possible. What could be worse, cyber criminals use the resources you pay for to attack other organizations (i.e., it looks like the attack comes from your organization). According to McAfee, more than 70% think cybersecurity threats to their organization are escalating.
What are you most concerned with this coming year?
A security vendor says it discovered a flaw in Comcast's home security system that could let criminals break into houses undetected by using radio jamming equipment. The vendor, Rapid7, says it alerted Comcast to the problem two months ago but never received a response from the company. However, Comcast told Ars that Rapid7 e-mailed the wrong address.
Though primarily known for its cable TV and broadband Internet services, Comcast also sells Xfinity-branded home security systems. Rapid7 found the flaw in Comcast's implementation of the ZigBee wireless protocol. Attackers armed with commodity radio-jamming equipment can "cause interference or deauthentication of the underlying ZigBee-based communications protocol," Rapid7 said. When this happens, sensors that detect motion or open doors and windows are unable to communicate with a base station hub in the home that controls the alarm system.
Rapid7 published details of the flaw in an advisory today, in accordance with its policy of giving companies at least 60 days to respond before making a security problem public. That's a pretty standard timeline used by other companies and security research organizations—though it seems Rapid7's attempt to contact Comcast went awry.
by Sean Gallagher
In a blog post, Emsisoft Chief Technology Officer Fabian Wosar described the malware and its Tor-based administrative Web interface. Users of the service log in with their Bitcoin wallet addresses; once they're connected, they can configure features of the malware "client" for the service such as the messages displayed to victims during the malware installation and how much to demand in ransom for encryption keys. They can also track the payments already made and how many systems have become infected.