A small Nigerian Internet service provider (ISP) hijacked traffic meant for Google data centers on Monday, re-routing local traffic through China and Russia and making some hosted services temporarily unavailable for users.
Skilled operators make all the difference in incident response and threat hunting. With talent scarce (and expensive), however, managed threat hunting teams may be worth a look, writes Scott Taschler of the firm Crowdstrike.
Industrial control systems (ICSs) remain easy targets for nation-states actors because of security gaps such as plain-text passwords, direct Internet connections and weak anti-virus protections, a new report has found.
Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.
The NotPetya malware’s ability to cripple even sophisticated, global firms is a cautionary tale about the need for businesses to understand their risk and take a holistic view of security says Fadi Albatal, Chief Strategy Officer at Hitachi Systems Security.*