CyberSecurity Pulse 2016-03-31
|"It is not bigotry to be certain we are right; but it is bigotry to be unable to imagine how we might possibly have gone wrong"|
|G.K. Chesterton (1874 – 1936) – English writer|
Is Crawling Enough to Know What Is Happening in Tor?
Instead, it seems risky to ensure that Tor network is not being used for internal communication of terrorist groups, mainly because, as in the surface, there are platforms that implement additional security measures to hinder access by automated monitoring programs. As in conventional surface web monitoring, in this case, it would not be enough to adopt crawling capacities to extract this conclusions. It would be interesting to supplement it with a Human Intelligence Unit whose methods would help to access the contents hosted in private and inaccesible areas of the network that cannot be monitored otherwise.
Apple Doesn't Know How FBI Hacked IPhone
The FBI has unlocked the iPhone used by one of the San Bernardino terror attackers, officials said Monday, ending a heated legal standoff with Apple that had pitted US authorities against Silicon Valley. Apple, backed by a broad coalition of technology giants like Google and Facebook, was fiercely opposed to assisting the US government in unlocking the iPhone arguing that this action would have serious implications on security and privacy.
Water Treatment Plant Hacked, According to Verizon
"Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water", Verizon Security Solutions told on their last data breach report. Although they have not wanted to reveal the name and location of the utility affected, it's known that the hacktivist group had ties with Syria and that it exploited unpatched web vulnerabilities in its customer payment portal. Another incident that has highlighted the cybersecurity gaps involving critical infrastructure facilities.
Rest of the Week´s News
Possible Verizon Data Breach
Verizon Enterprise Solutions is shocked by its own data breach involving the theft and resale of customer data. Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information of about 1.5 million customers, which include the 99% of the companies in the Fortune 500.
NASA Has a Cybersecurity Problem
Citing multiple inside sources and internal documents, Jason Miller, executive editor for Federal News Radio, stated this week that there are hundreds of thousands, if not millions, of patches that have not been applied to NASA IT systems, exposing them to potential attacks.
Millions of Android Phones Vulnerable
Millions of Android phones are vulnerable to attacks that can execute malicious code and take control of core functions almost permanently by getting root access. Google is in the process of releasing a fix, but at the moment any phone that has not received a security patch level since March 18 or later is vulnerable.