How to Prevent Cloud Configuration Errors

The advent of cloud computing has dramatically altered the technology structure of today’s companies – making it much easier and faster to deploy resources as needed. In the traditional model, application developers had to wait for IT to provision storage and compute resources; meanwhile, security and network teams were needed to make the resources accessible and compliant with company policies. The process often took weeks or even months. By contrast, cloud-based resources could be spun up in minutes, and new applications deployed that same day, without IT or network security involvement.

SecMon State of the Union: Refreshing Requirements

Now that you understand the use cases for security monitoring, the next step in our journey is to translate those use cases to requirements for your strategic security monitoring platform. In other words, now that you have an idea of the problem(s) you need to solve, what capabilities do you need to address the use cases? And part of that discussion is inevitably what you don’t get from your existing security monitoring approach, since this research wouldn’t be very interesting if you were all peachy with your existing tools.

Canadian Hacker Sentenced To 5 Years For Yahoo Security Breach

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. “U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco,” The Associated Press reports. From the report: Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was “an international hacker for hire” who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia’s Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person’s webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

“Deterrence is particularly important in a case like this,” the judge said during the hearing. He rejected prosecutors’ call for a prison sentence of nearly 10 years, noting Baratov’s age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been “a very humbling and eye-opening experience.” He apologized to those he hacked and promised “to be a better man” and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

Cyber Security in the Connected World

Key targets for cyber-attacks include software products, IoT-connected devices, and the data that gets exchanged across the networks. To best protect your assets and your customers’ privacy, it’s critical that you understand the potential threats, stay up to date on the latest defensive techniques, and be prepared to stand vigilant against future attacks.

Students confront the unethical side of tech in ‘Designing for Evil’ course

Whether it’s surveilling or deceiving users, mishandling or selling their data, or engendering unhealthy habits or thoughts, tech these days is not short on unethical behavior. But it isn’t enough to just say “that’s creepy.” Fortunately, a course at the University of Washington is equipping its students with the philosophical insights to better identify — and fix — tech’s pernicious lack of ethics.

Trojan watch

We continue to research how the proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned our attention to wearable devices: smartwatches and fitness trackers. Or more precisely, the accelerometers and gyroscopes inside them.