For better or worse, there seems to be more instances of misconfigurations. This may be on servers, AWS, or other targets. The issues range from minor to rather significant (i.e. forgetting about apply security and allowing anyone with an AWS account to login for your instance). At this point, significant misconfigurations really should not be occurring. There are many opportunities and sources to learn from. One such oversight occurred in Brazil. This provided for a massive

Although print newspapers are having issues due to the online outlets, these are still present and noticeable throughout the communities and provide a valuable service. The newspapers have not been targeted over the last few years, as frequently as others. These organizations don’t have PII or PHI to the extent others, e.g. doctor’s officed or hospitals. These also don’t have a mass amount of money laying about. While there are other more viable targets, the newspapers certai

Colleges and universities continue to be targeted based on the treasure of data stored in their system. This includes the students, faculty, and administrative staff’s names, addresses, email addresses, social security numbers, and many more data points per person, which are readily marketable on the dark web. While this is required for the university operations, this also has the tendency to bring unwanted attention from attackers, seeking their data. One such university is

The business email compromise (BEC) had been widely and wildly popular over the last three years. This is partially due to how very easy this is to execute, low technical skills required, low cost, and high reward when the attack is successful. This has been used as the attack method across many industries with varied success. The attack template is very simple. The attackers send the phishing email. One or more targets click the link or the other specific attack mechanism. T

Vehicles abound in society and culture. These vary in age, color, manufacturer, and the amount of tire and brake wear. One topic which has been in the news and talked about commonly has been securing these vehicles, especially the connected vehicles now and the future autonomous vehicles. Seemingly, there are new articles with these are the story focus. With these vehicles, due to the other assets the vehicle connects to (e.g. V2X, V2I, V2V, V2G, etc.), a successful attack ha

Banks are a universal feature through the world. These are present in the varied governmental forms, in various asset sizes, and to make loans in various amounts. The loan sizes vary from the micro-loan of a few hundred dollars to millions of dollars in most cases. India is no different than the other countries as it relates to banking. One of the banks in India is Cosmos Bank, which is the 2nd largest cooperative bank. The bank is based in the western city of Pune. Attack Ba

High schools are much like universities and colleges, in that these hold a mass amount of data which may easily be sold. This assists in making them more of a target. This coupled with their budgetary constraints makes InfoSec difficult at times, much like this recently especially was for the San Diego USD. Attack This compromise is a bit different than most of the others. The reports are the school district is not sure of the attack vector, however, they believe this was the

Here we go again: VW/Audi Infotainment Issue-Charles Parker, II As technology advances, there are more opportunities for vulnerabilities to be researched and published. These continue to abound throughout the industries using these technologies. With computer chips, there have been the Spectre and other vulnerabilities, and smart phones, Rowhammer and many others for the different platforms. Vehicles have the same issues, as these are much of the same equipment. There may not

Qakbot: Much more than it's cracked up to be Charles Parker, II Malware is a valid, viable tool for attackers. There are the usual variants that have been coded over time. As these are introduced over time, the signature attack became known and the defensive systems know to look for these. The attackers clearly are aware of this and code variants of this malware to evade detection. One such example is Qakbot. Origins Qakbot is not a new malware example. This has been around s

Cybersecurity for embedded systems has come onto the limelight in recent years. The connected systems in vehicles have pulled this as a primary focus. If these systems are compromised, no one is safe on or near the roadways. With the emphasis on this, a bit of history is warranted. Without a quick baseline of where we began, the present trajectory does not mean as much to us. Just over four years ago, there was an astounding event. About this same time, the infamous Jeep hack