Black Hat News Storm Underway; Cisco, Big Card Hacks Also Making Hay

Friday, July 26, 2013

Joe Franscella


Black Hat News Storm Underway; Cisco, Big Card Hacks Also Making Hay

Black Hat USA 2013 (@blackhatevents) kicks off Saturday, running through next Wednesday – what a busy and exciting time for everyone in the cybersecurity industry and the news and PR machines. Everyone that watches the thunder – as the title suggests – has seen many, many news announcements wired and stories published in advance of the premier security event, some of the noteworthy I’ve seen have included:

(Tweet This: @BlackHatEvents News Storm Underway; @Cisco, Big Card Hacks Making Hay: via @infosecisland by @joefranscella)

Black Hat: Don't Blindly Trust Vulnerability Data.By Brian Prince of eWeek (@eweeknews), the story says researchers at Black Hat plan to discuss some of the common ways data about vulnerabilities is used to draw false conclusions about security. Report’s Prince: Brian Martin and Steve Christey, members of the CVE (Common Vulnerabilities and Exposures) Editorial Board will outline the ways they have seen vulnerability statistics misused over the years. Full story at:

Black Clouds On The Computing Horizon. ByAlan McStravick (@FutileExistence) of Silicon Angle (@siliconangle), the report rekindles a couple topics that have been overshadowed by trends such as threat intelligence and APTs – Cloud and Big Data. Penned McStravick: Today we are looking at the presentation entitled, ‘Post Exploitation Operations with Cloud Synchronization Services being given by Jacob Williams of CSR Group Computer Security Consultants. Williams, principal consultant at CSR, has more than a decade’s experience in malware reverse engineering, penetration testing, incident response, forensics and secure network design. For more, visit:

750 million phones vulnerable to spying: Hack SIM card via tainted text to get root. By Darlene Storm (@securityissexy) of Computerworld (@computerworld), the blog focuses on SIM card vulnerabilities, wrote Storm: For the last several years, cryptographer Karsten Nohl and his team at Security Research Labs in Berlin have tested about 1,000 SIM cards for vulnerabilities. Give this German cryptographer two minutes on a PC and he can send a send a secret text message that contains a “virus” to a mobile phone’s SIM card, and then basically get “root” and take over the phone. Thanks Darlene, Just when we thought the NSA was our main phone related worry. Read more at:

A historical overview of the cyberattack landscape. Posted on Help Net Security (@helpnetsecurity), the story is about a report put out by Venafi (@Venafi) that commemorates Black Hat’s Sweet 16 by taking a look at evolving attacks over the past 16 years. Reported Help Net: Venafi released a new report that chronicles the last 16 years of attacks, threats and exploits, and analyzes how they’ve evolved and intensified over time. They also offer advice to enterprises on how to better defend against new attacksthat increasingly leverage unprotected cryptographic keys and digital certificates. Read more at:

While actual Black Hat briefing’s news can typically overshadow everything else going on in the world of cybersecurity just about now, this year that isn’t the case. Some other headline driving news not to be missed that made its way onto the Solutionary Minds#FollowFriday blog includes:

Chipotle Faked Its Twitter Hack. Seth Fiegerman’s (@sfiegerman) coverage, on Mashable (@mashable), of the FAKE Chipotle Twitter hack was a very good read, breaking down the interview with a Chipotle representative after @ChipotleTweets tried to fool the burrito-eating world by executing one of the worst (or best?) publicity stunts of 2013. Fake tweets were sent out over the weekend and netted Chipotle 4,000 new followers and 12,000 retweets – a slight uptick from their daily average of 75 retweets. More at:

Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video). Andy Greenberg (@a_greenberg) of Forbes (@ForbesTech), got behind the wheel with Charlie Miller and Chris Valasek, which was probably not the best idea. When you read Greenberg’s story and watch the video of his joyride in the compromised Prius, you’ll see what kind of afternoon he had. All in good taste, you can watch the hackers jerk the steering wheel while in motion, lock up the seatbelt, engage the horn and render the car’s brake useless. Full story:

Cisco to acquire security vendor Sourcefire for $2.7 billion. Open up your wallet, do you see $2.7 billion in it? Chump change for Cisco, who announced this week the acquisition of yet another security company, Sourcefire. CIO (@cioonline) Senior Correspondent, Chris Kanaracus(@chriskanaracus), summarizes nicely in his article the recent acquisition of the 650-employee organization. Cisco’s expects this latest acquisition to bolster its security offering by providing “advanced threat protectionacross the entire attack continuum -- before, during and after an attack,” and that Sourcefire will give them “deep security DNA.” Read more:

Five Charged In Massive Hacking Ring That Bilked Millions. CRN’s (@CRN) Rob Westervelt (@rwestervelt) jumped on the United States government’s accusation of five men linked to the hacks of Nasdaq, J.C. Penney, 7-Eleven and JetBlue Airways (and more). The five men from Ukraine and Russia are apparently in the history books for what is now being called “the largest hacking scheme ever prosecuted in the U.S.” This story is far from over as only two of the accused hackers are in custody. Read more:

Another worthy of mention:

Hacked in 276 Seconds - Timely Intelligence Improves Ability to Thwart Cyber Attacks: Survey. By SecurityWeek’s (@securityweek) Fahmida Rashid (@fahmiwrite), the story reports that new research out of the Ponemon Institute (@ponemonprivacy), sponsored by Norse (@norsecorp), reveals that just 4.6 minutes of advance warning can mean the difference between a successful compromise or breach and a thwarted cyber-attack. Reported Rashid: Organizations in the study spent an average of $10 million in the past 12 months to resolve the impact of exploits, the study found. Interestingly, if the organization had access to actionable intelligence about the attack within 60 seconds of it occurring, their cost of mitigation dropped, on average, by 40 percent. That translates to approximately $4 million in savings. Read more at:

Disclaimer: In my day job as Director of the Trainer Communications Cybersecurity Team, I represent Norse, Solutionary and Venafi.

Possibly Related Articles:
Infosec Island
Black Hat Conference
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.