Tag Archives: Information security

Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

Cross Posted from TheAviationist.

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

read more

January 2012 Cyber Attacks Timeline (Part 1)

Click here for part 2.

New year, new Cyber Attacks Timeline. Let us start our Information Security Travel in 2012 with the chart of the attacks occurred in the first fifteen days of January. This month has been characterized so far by the leak of Symantec Source Code and the strange story of alleged Cyber Espionage revolving around it. But this was not the only remarkable event: chronicles tell the endless Cyber-war between Israel and a Saudi Hacker (and more in general the Arab World), but also a revamped activity of the Anonymous against SOPA (with peak in Finland). The end of the month has also reserved several remarkable events (such as the breaches to T-Mobile and Zappos, the latter affecting potentially 24,000,000 of users). In general this has been a very active period. For 2012 this is only the beginning, and if a good beginning makes a good ending, there is little to be quiet…

read more

What Security Vendors Said One Year Ago…

I did not resist, so after publishing the summary of Security Predictions for 2012, I checked out what security vendors predicted one year ago for 2011. Exactly as I did in my previous post, at the beginning of 2011 I collected the security predictions in a similar post (in Italian). I also published in May an update (in English) since, during the Check Point Experience in Barcelona held in May 2011, the Israeli security firm published its predictions. Even if the latters have been published nearly at the half of 2011, for the sake of completeness, I decided to insert them as well in this year-to-year comparison.

read more

Browsing Security Predictions for 2012

Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions

The new year has just come, vacations are over, and, as usually happens in this period, information security professionals use to wonder what the new year will bring them from an infosec perspective. The last year has been rich of events, whose echo is still resounding, and as a consequence, if RSA and Sony breach were not enough, the main (and somehow obvious) question is: will 2012 stop this trend or rather bring it to unprecedented levels, or, in other words, which threat vectors will disturb the (already troubled) administrators’ sleep?

read more

December 2011 Cyber Attacks Timeline (Part II)

This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.

read more

November 2011 Cyber Attacks Timeline (Part I)

Update 12/01/2011: November Cyber Attacks Timeline (Part II)

This first half of November has been very hard for Steam. The Valve Online Gaming Platform suffered a security breach putting at risk a potential sample of 37 million of users and hence wins the crown for the Major Breach of the First Half of November.

read more

Information, The Next Battlefield

Today the Information Security Arena has been shaken by two separate, although similar, events: IBM and McAfee, two giants in this troubled market, have separately decided to make a decisive move into the Security Information And Event Management (SIEM) market by acquiring two privately held leading companies in this sector.

read more

The Secret Behind LOIC? Simple!

Everyone dealing with Information Security knows very well that SNMP (which stands for Simple Network Management Protocol and corresponds to the standard UDP protocol used to monitor servers and network elements) is considered insecure. In too many circumstances network administrators forget to change the default community strings (the strings used to “softly” authenticate the manager and the agents) from their default values which are typically “public” for read-only access and “private” for read-and-write access on the monitored device. This happens sometimes for thoughtlessness, or simply because network administrators do not consider changing the default security strings a security issues.

read more

If Phishing Goes Mobile…

One of the most surprising things I noticed concerning the Lockheed Martin Affair, was the affirmation contained in the Reuters Article, made  by Rick Moy, president of NSS Labs, indicating that the initial RSA attack was followed by malware and phishing campaigns seeking specific data to link tokens to end-users (an indirect evidence of the same authors behind the infamous RSA breach and the Lockheed Martin attack.

read more

More Random Thoughts on the RSA Breach

The X-35, Joint Strike Fighter from Lockheed M...
Image via Wikipedia

Probably it was a quite easy prediction, however it looks like what I suggested on my random thoughts on the RSA Breach has definitively come true: RSA was not the target, probably its customers were.

On this front, the last two days were quite turbulent, and what seemed initially a simple speculation of an attack using compromised SecureID seeds targeted to “a very large U. S. defense contractor”, is revealing to be one of several attacks towards military contractors of U.S. Defense, using the data stolen during the famous breach of March.

read more