Baltimore becomes the third U.S. city in a week to be hacked
An article by Julius White at WEAA.org:
Ransomware. Privacy. User Data. Facebook. Hacked. Those words and phrases have been all over the news in the past couple of weeks. Just last week, the City of Atlanta’s computer network was hacked and those responsible demanded $58,000 in ransomware to allow the city to regain its systems. Computer repair expert William Allen, talks with WEAA’s Julius White about how not only to protect your computers, but your privacy on social media as well.
The City of Leeds, Alabama, a small community just outside of Birmingham, was hacked and the hackers demanded and were paid $12,000. In Baltimore, city officials say the 911 dispatch system was hacked over the weekend, prompting a temporary shutdown of automated dispatching.
In a statement released Wednesday, Frank Johnson, Baltimore Chief Information Officer, issued a statement about the weekend hack that prompted a temporary shutdown of the automated 911 dispatch system. “ [We] identified a limited breach of the Computer Aided Dispatch (CAD) Network over the weekend that supports the 911 and 311 Public Safety Emergency Communications Services due to “ransomware” perpetrators,” said Johnson. “We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the City’s network. Once all systems were properly vetted, CAD was brought back online. No personal data of any citizen was compromised in this attack. The City continues to work with its federal partners to determine the source of the intrusion.” Johnson went on to assure all Baltimore city residents that [the City is] fully committed to safeguarding the integrity of the City’s IT infrastructure and assets.
So, how can you protect your home computers—your laptops, etc., from being hacked? What about safeguarding your privacy while social media, i.e., Facebook, Instagram, etc.? Computer repair expert William Allen has information for your social media peace of mind.
Read and Listen to more here.
Under Armour MyFitnessPal hack affects 150 million user accounts
The accounts of about 150 million users of nutrition-tracking app MyFitnessPal were breached last month, Under Armour (UAA) said Thursday, adding its name to the list of corporations targeted by hackers.
Hackers gained access to personal data included user names, emails and encrypted passwords, the sportswear apparel maker said in a news release. The affected data did not include Social Security numbers and driver’s license numbers.
Under Armour is investigating the data breach.
The company on Tuesday learned that an unauthorized party had acquired data associated with MyFitnessPal user accounts in late February. Under Armour said it would notify anyone whose information was exposed in the cybertheft.
Read more here.
Open Vulnerability Assessment System release 9 (OpenVAS-9)
The OpenVAS developers are happy to announce a round of maintenance
releases for the Open Vulnerability Assessment System release 9
(OpenVAS-9).
This round includes the following releases:
– OpenVAS Libraries 9.0.2
– OpenVAS Scanner 5.1.2
Many thanks to everyone who has contributed to the releases.
For a detailed list of the changes in the individual modules, please refer
to the “CHANGES” file which is included in every release file or to the
release notes under the corresponding repositories of each module at
the GitHub project page.
https://github.com/greenbone/gvm-libs/releases
and
https://github.com/greenbone/openvas-scanner/releases
This page contains signatures for every release file as
well.
You can find links to the latest source tarballs for all currently
maintained releases here:
? http://openvas.org/install-source.html
Releases of other Openvas-9 modules are expected to follow soon, as well
as binary packages for major GNU/Linux distributions by third parties.
p-smash DoS (ICMP 9 flood)
p-smash DoS (ICMP 9 flood)
| Vulnerability | Severity | |||||||
| p-smash DoS (ICMP 9 flood) | ||||||||
|
Summary – It was possible to crash the remote machine by flooding it with ICMP type 9 packets. Vulnerability Detection Result – Vulnerability was detected according to the Vulnerability Detection Method. Impact – A cracker may use this attack to make this host crash continuously, preventing you from working properly. Solution – Upgrade your Windows 9x operating system or change it. Vulnerability Detection Method – Details: p-smash DoS (ICMP 9 flood) (OID: 1.3.6.1.4.1.25623.1.0.11024) Version used: $Revision: 8144 $ References:
|
||||||||
Information Assurance Scholarship Program: Capitol Technology University
Picture this: a full scholarship package enabling you to complete your cybersecurity education without being hampered by financial burdens.
In addition, a generous stipend covering room and board.
And the assurance of federal government employment after graduation.
All this is possible through the Information Assurance Scholarship Program (IASP), which is available to students at DHS and NSA-designated Centers of Excellence in cybersecurity education, including Capitol. But don’t let time slip by: the application deadline is coming soon. Here’s how the IASP works.
Students chosen for this prestigious opportunity receive full scholarship packages including undergraduate or graduation tuition as well as a stipend ($25,000 undergraduate and $30,000 graduate) for room and board.
In exchange, for each year that they receive the scholarship recipients agree to provide one year of paid cybersecurity work for the federal government after graduation.
You must apply through the university. The deadline for completed IASP applications is Monday, February 5, 2018. Completed applications must be submitted with unofficial transcripts and 2 letters of reference from faculty or employers. The application includes a competency statement related to six areas of cybersecurity competency. Official transcripts must be submitted by Friday, February 16, 2018 for submission to the funder.
All applicants will present on their knowledge and ability in the six competency areas via Adobe Connect. The selection panel representatives will interview all applicants immediately following their presentation. Presentation/Interview sessions will occur between February 6, 2018 and February 16, 2018. Notification of selection for nomination will be made to students by February 28, 2018.
The nominated student list will be forwarded to NSA by the deadline of February 28, 2018. NSA will make the final selections by August 1, 2018.
Completed applications should be received by midnight 5 February 2018. Email address: iasp@captechu.edu
Assistance for Students
The Career Services department can assist you and provide guidance in completing the IASP application process. For more information, e-mail Careers@captechu.edu or phone 240-965-2494. Make sure to leave a message.
View this video for information about completing the application. The segment related to your responses for the six competencies gives concrete examples of how to represent your knowledge and ability in these areas.
An Adobe Connect information session will be held on Thursday 25 January 2018 @ 7 PM EST: http://capitol.adobeconnect.com/iasp/
2018 Security Concerns to Look Out For
2017 was a tough year for cyber security companies and professional as phishing attacks, ransomware and state-sponsored attacks took front stage. So what should we expect for 2018? I say bigger breaches and new types of attacks if the current trend continues. With that being said, her are a few of my ideas on the types of attacks that will cover our headlines in 2018:
- State-sponsored Attacks will Increase – The regular actors such as North Korea, China, Russia and Iran will continue with their cyber-attacks to extort, steal and disrupt information systems. I also see new actors including our so called allies jumping into the pot to obtain economic and technological advantages.
- Internet of Things (IoT) attacks will increase – As more Internet connected devices enter the market from what I have been able to ascertain from this year’s CES, I could not help but think about how minimal security controls are implemented to defend against cyber-attacks.
- Ransomware Attacks will Increase – The increase of ransomware attacks are no surprise to me since their presence have increased from 2016 to 2017 exponentially and I see no change in 2018. What I am most concerned with in the idea many of the new attacks will be targeted. For example, there are concerns, hackers will focus their efforts towards the health-care sector and target devices such as pacemakers. So instead of paying to get you information back, a person will have to pay to keep their life.
These are just a few of the concerns I predict will have security practitioners up at night, the good news, our awareness of this threats have increased and security tools are being implemented to assist in defending our information systems and data. What do you think?
