security

BMW and cybersecurity

Not a month passes without seeing some major car manufacturer that has cybersecurity issues. This month we have seen made public a report from February 2016 related to BMW. The short story   The BMW ConnectedDrive Web portal was found to contain a vulnerability that could result in a compromise of registered or valid vehicle identification numbers, Vulnerability Lab warns. The security bug, affecting the BMW ConnectedDrive online service web-application, is a VIN (Vehicle Identification Number) session vulnerability, security researcher Benjamin Kunz Mejri reveals. VIN, also known as chassis number, is a unique code used in the automotive industry to…


VPNMentor.com: Cybertalk with IT security expert Sorin Mustaca

Cybertalk with IT security expert Sorin Mustaca   vpnMentor has had the privilege of talking with Sorin Mustaca, a Certified IT consultant with over 15 years of experience in IT security, and author of “Improve Your Security”, a guide for the common end user that deals with the question of how to beware of cyber threats on the individual level.   By Ditsa Keren, 16/06/2016 Content Can you tell us a little bit about your background in IT security? With so many new threats and with the fast development of hacking technologies, how can an anti-virus stay up to date…


Network Access Control and IoT Security

Network Access Control,  is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement. When a computer connects to a computer network, it is not permitted to access anything unless it complies with a business defined policy: anti-virus protection level, system update level configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues and nothing else. Once the policy is met (it has an antivirus, it…


Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss about : 2) Intrusion detection and prevention systems (IDS/IPS or IDPS) From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are,…


Quoted in SecurityWeek.com: 45 Million Potentially Impacted by VerticalScope Hack

Source: http://www.securityweek.com/45-million-potentially-impacted-verticalscope-hack Author: Ionut Arghire, Security Week     Here is my longer comment:   LeakedSource writes on their website about a massive breach of VerticalScope.com and all its affiliated websites from February 2016. However, neither VerticalScope.com nor any of the websites mentioned in the LeakedSource page mention anything related to a hack. Even if denial of a breach is not something unseen before, after reading the Summary of the dump on LeakedSource I am starting to see here a pattern:  “Each record may contain an email address, a username, an IP address, one password and in some cases a second…


Article in German on Focus.de: Smartphone-SicherheitSchutz vor Hacker und Viren: So machen Sie Ihr Handy sicher

Smartphone-SicherheitSchutz vor Hacker und Viren: So machen Sie Ihr Handy sicher Mittwoch, 15.06.2016, 12:24 · von FOCUS-Online-Experte Sorin Mustaca   Zur Person Sorin Mustaca arbeitet seit dem Jahr 2000 in der IT-Sicherheitsbranche. So war er von 2003 bis 2014 bei Avira beschäftigt und dort als Product Manager für Avira Antivir zuständig. Inzwischen arbeitet er als Berater. Mustaca betreibt den Blog http://www.sorinmustaca.com/ Smartphones sind mittlerweile kleine Computer und damit anfällig für Viren und Hackerangriffe. Viele Nutzer machen sich darüber aber keine Gedanken – dabei lässt sich schon mit wenigen Maßnahmen die Sicherheit erhöhen. Handys sind inzwischen mehr kleine Computer als Mini-Telefone. Trotzdem machen sich…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone to use your account by just having your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account.Unless somebody gets all of them, they simply can’t steal your account. Until now… Alex MacCaw has published screenshots from a new scam appeared that is targeting Google users who have two-factor authentication enabled (2FA). It works like this:…


Quoted on SecurityWeek.com over the 32,8 M Twitter accounts leaked

Source: http://www.securityweek.com/32-million-twitter-credentials-emerge-dark-web Author: Ionut Arghire, Security Week   The cybercriminal behind the claimed Twitter leak is the same hacker who was previously attempting to sell stolen data from Myspace, Tumblr and VK user accounts, namely Tessa88@exploit.im. The Twitter credentials have already made it online on paid search engine for hacked data LeakedSource, which says it received a total of 32,888,300 records, each containing user’s email address, username, possibly a second email, and a password. [..] What is yet unclear is how old the supposedly leaked data is, since LeakedSource doesn’t provide specific details on that, although they do suggest that…


Do you actually need a security product in your car? Part 1: Prevention, Detection, Remediation

Note: This is going to be a somehow longer article which I will finish in a couple of related posts.   A security product is a program that Prevents that malware enters the system Detects if previously unknown malware is running on the system Remediates the actions of detected malware on the system Note that it is not mentioned *how* PDR gets implemented in practice. There are many ways to implement them and it is out of the scope of this article how this gets realized.   Back to our question: Do you actually need a security product in your car?…


LinkedIn Legal : “Important information about your LinkedIn account”

Yeah, they’ve been hacked 4 years ago and now their data is everywhere … well, almost everywhere. The LinkedIn hack of 2012 is  now being sold on the dark web. It was allegedly 167 million accounts and for a mere 5 bitcoins (about US$2.2k) you could jump over to the Tor-based trading site, pay your Bitcoins and retrieve what is one of the largest data breaches ever to hit the airwaves. Until this week, when Myspace.com leak from 2013 (or 2008!) released data of over 360Mil users.   LinkedIn’s Legal wrote :   Notice of Data Breach You may have heard…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close