Data Seepage: How to Give Attackers a Roadmap to Your Network
by HNS - Thursday, 14 June 2007.
At Black Hat Europe we met with Robert Graham and David Maynor, the CEO and CTO of Errata Security. In this video they talk about how the days of widespread internet attacks are long gone. What's more popular now are more directed or targeted attacks using a variety of different methods. This is where data seepage comes in. Unbeknownst to a lot of mobile professional's laptops, PDAs, even cell phones can be literally bleeding information about a company's internal network. All this information can be used by an attacker to make attacks more accurate with a higher likelihood of success.
There is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect.
The Internet of Things (IoT) started like any other buzzword: poorly defined, used too often, and generally misunderstood. However, it stood the test of time and is now increasingly becoming part of everyday language, even with those outside the IT world.
Smartwatches with network and communication functionality represent a new and open frontier for cyberattack. HP found that all tested smartwatches contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.
Trend Micro researchers have analyzed the code of the actual spyware: RCS Android. It can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed.
Threat intelligence is a must-have for identifying malware and other threats that evade preventive security controls. But it's only as good as how you apply it – and many organizations aren’t applying it in a way that enables them to get the full value.