News


First time in history: 1.4 mil vehicles recalled due to security issues (hacking)

Fiat Chrysler will recall 1.4 million vehicles in the United States to install software to prevent hackers from gaining remote control of the engine, steering and other systems in what federal officials said was the first such action of its kind. The announcement on Friday by FCA US LLC, formerly Chrysler Group LLC, was made days after reports that cybersecurity researchers used a wireless connection to turn off a Jeep Cherokee’s engine as it drove, increasing concerns about the safety of Internet-enabled vehicles. This is happening when you want to hit a milestone instead of doing the things right from…


ITSecurityNews.info says Farewell to Mailchimp

... and hope to never see you again! Yes, I closed my account because of so many issues in the recent past. First, it was because I had too many mails, then too many subscribers, then the emails below. Because some bots had probably registered and some sensitive keywords went into the email (after all, the website is about IT Security), they decided to block my account. And I removed it. Because of the email addresses that were blocked, I also received the email below: Imagine that from almost 2500 emails a few emails were probably fake,…


Phishing created for Apple’s mobile devices

I received last night an email pretending to come from Apple’s support. But, it is badly made if you see it in an email client. Dear Customer AppleID14028364ca Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended. Once completed you may resume to use your account as normal and we would like to thank you for taking…



What you need to know about the “Hacking Team” which was hacked (and I was quoted)

My good friend Richard Adhikari wrote a very good article about this incident yesterday. Read it here: Hacking Team’s Dingy Laundry Hung Out Online. Here is where I get quoted as founder of Sorin Mustaca IT Security Consulting: A Black Bag Job? “It could be that some government agency who’s a customer of Hacking Team decided to discredit them and force them to close their doors,” said Sorin Mustaca, founder of Sorin Mustaca IT Security Consulting. “These special customers don’t like to leave traces of their acquisitions,” he told the E-Commerce Times. Here are additional comments: Apparently, on…



OpenDNS acquired by Cisco

I wrote an article which recommends that FritzBox users use OpenDNS to filter malicious domains and perform parental control on the traffic that gets into their home routers. And now, not a week later, I see: Cisco made a big acquisition offer to OpenDNS and they accepted it. Wow, what news! Read here the official posts from OpenDNS and from Cisco. Here are some FAQ related to the acquisition: https://www.opendns.com/cisco-opendns/ The idea is that OpenDNS will remain free for personal users. Of course, I expect in time that things will evolve, but I think that the free users bring a lot…



How much is a blog instance worth?

I wrote in the post “Do you really know who’s visiting your website?” about how often hackers probe my websites. As of today, IT Security News has this: 5,914 blocked malicious login attempts (was 2092 on May 8th); 2,182 spam comments blocked by Akismet (was 2115 on May 8th). The login attempts more than doubled in just 5 weeks. Of course, they are all automated attacks, so we can’t really speak of an effort from anyone’s side. Why? If a hacker “owns” a website he is able to do a few things: Change content and possibly deliver malware to your readers; Host individual “sub-pages”…



NIST Released “Guide to Industrial Control Systems (ICS) Security”

NIST is pleased to announce the release of Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security. Link to the full news announcement about this Special Publication (SP 800-82 Revision 2) can be found on the CSRC News page at: http://csrc.nist.gov/news_events/#june8b Direct link to the SP 800-82 Revision 2 document (in .PDF) on the NIST Library website: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf NIST’s Public Affairs Office also released a press release regarding the release of this Special Publication: http://www.nist.gov/el/isd/201506_ics_security.cfm Link to this Special Publication is also provided on the CSRC Special Publications page at: http://csrc.nist.gov/publications/PubsSPs.html#800-82  



Spam is indeed good for something! But you will never guess what for.

I have several websites, but the most visited by far is IT Security News (http://www.ITSecurityNews.info). I receive a lot of spam on it, which is caught by the Akismet plugin for WordPress. But, from time to time, I receive an email directed to info@ or other addresses. The latest one looks like the screenshot below and I am being offered to advertise to some newspaper for £515 a month. I have no idea if this is a good offer or not, but I don’t care since I don’t make any money with this website. I couldn’t find the right business model for…



Top 500 cybersecurity companies

Not many people outside of the IT Security business know which are the top 500 companies in this field. Cybersecurity Ventures has published this top: check it here. I am not allowed to reproduce any parts of it, but I can tell you that the number 1 is FireEye. From the AV world, we have here: AVG in place 6, TrendMicro in 13, Avast in 439, Avira in 114.


Why security recommendations often get ignored

I read very often about vulnerabilities and companies that got hacked. Many times, the reason they got hacked was that some recommendations issued by some smart people (read: security-minded people) were ignored. But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance”. These researchers define information avoidance as “any behavior intended to prevent or delay the acquisition of available but potentially unwanted information.” Applying this to IT Security, it makes sense to embrace ignorance in all these areas: writing secure code. Argument: To write code free of security…

