Mr. Robot season three keeps speeding along like an overclocked Alienware rig, maintaining its fast-paced plot throughout episode two while dropping plenty of new hacks along the way. As always, WatchGuard’s CTO, Corey Nachreiner, examines the technical accuracy of each show in his weekly Mr. Robot Rewind article series. One hack that played out pretty true to life this week … [Read more...]
Krack WPA2 Attacks – Daily Security Byte
In the early 2000s, you probably remember when researchers discovered some vulnerabilities that put the nail in the coffin of Wired Equivalent Privacy (WEP), a security protocol used to protect Wi-Fi communications. Essentially, this WEP vulnerability meant that attackers could quickly crack WEP encryption, and see all your wireless traffic. At the time, this flaw caused a … [Read more...]
The Problem with Hacking Back: It Might Be Your Network
The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register there is some skepticism about this … [Read more...]
S3 Bucket Security: More Than ACLs and Policies
Many companies are suffering data breaches because attackers gain access to data in AWS S3 buckets. I don’t want to repeat all the news articles outlining all the S3 data breaches. A Google search will give many examples, and it seems like by the time I write this another one will be in the news. Instead, I’d like to jump to why these S3 bucket breaches are happening and how to … [Read more...]
The Black Swan in Security Statistics ~ Zero Day Malware
Using a risk model based on security statistics is a valid and useful approach to defending against cyber attacks. A company can decide that if one type of attack is affecting a large percentage of companies, then chances are, they may be next. The company can take steps to defend against that attack. However, sometimes past statistics are not enough and can be … [Read more...]
