Vendor Vulnerabilities: Is NSA Obligated to Let them Know?

Cisco’s Cloud Service Platform customers received word of exposures that could put the privacy of their data at serious risk. In September 2016, Cisco informed their virtual networking clients of the discovery that more than 840,000 devices are open to two serious vulnerabilities. Fortinet customers’ data were also exposed in the theft. These exploits can lead to man-in-the-middle attacks around the globe.

Shadow Brokers

A group identifying itself as Shadow Brokers allegedly stole exploits from Equation Group, linked to the National Security Agency three years ago. Using a Twitter account, Shadow Brokers recently announced an auction for firewall exploits they claim they found with a hacking tool used by the NSA. The group demanded Bitcoins in exchange for data with codenames such as EPICBANANA, EGREGIOUSBLUNDER, and EXTRABACON.

EXTRABACON

One of the exploits that targets Cisco ASA, Cisco Firewall Services [...]

InfoSec Risks, Threats, Vulnerabilities & Countermeasures

This article takes a closer look at infosec risks, threats, attacks, vulnerabilities and countermeasures/security controls. It differentiates between the concepts and provides industry-standard definitions for each. The article also explores four basic categories of countermeasures/security controls: preventative, reactive, detective and administrative. Finally, the article examines the ‘Risks = Threats X Vulnerabilities X Impact’ formula from a critical [...]

SANS: Top Security Risks

The 2009 SANS Institute’s “Top Cyber Security Risks” report identifies some of the major risks and vulnerabilities that are commonly ignored by organizations. The top two “priority” risks are: 1) Unpatched client-side software and 2) Vulnerable internet-facing websites. The report goes on to identify some vulnerability trends and lists best practices for mitigation and control of security [...]

Controlling and Managing Risk

Risk management plays a crucial role in helping organizations protect and secure their information assets. Effective risk management programs are a significant component of any IT security program. This article will discuss the role of risk management, including the identification, assessment, prioritization and diffusion of risks.

Risks, Threats & Vulnerabilities

Risk is often confused with other related terms and concepts. The lines between risks, threats and vulnerabilities are sometimes blurred. Further, the terms “risk assessment” and “vulnerability assessment” are frequently used interchangeably, though they have very different applications.

The term “risk” is defined as the impact that could result from vulnerability, or the [...]
