Security Researchers Identify Critical Vulnerabilities in AMD Chips: Chimera, Ryzenfall, Masterkey and Fallout

Critical Vulnerabilities in AMD Chips Security researchers at CTS-Labs, based out of Israel, disclosed 13 critical vulnerabilities and backdoors in certain AMD chips used in workstations, laptops and servers. Successful exploitation of these vulnerabilities could grant deep system access to attackers from which they could launch malware attacks undetected. The vulnerabilities are four in name:[…]

SEC Issues New Cybersecurity Guidance: What you need to know

On February 21, 2018, the SEC issued new guidance on cybersecurity disclosures for public companies. As an “interpretive release,” the new guidance interprets existing laws. In this case, the SEC has clarified the statutes that may affect reporting of cybersecurity risks and incidents. The guidance also addresses various costs and consequences of cybersecurity that should[…]

Meltdown and Spectre – A Quick Overview

Bottom Line Up Front Security Researchers have publicly disclosed the details of CPU design flaws that are the result of design decisions made industry wide more than a decade ago to speed up processing and allow a computer’s processor to access information before it was needed. The resultant vulnerabilities, Meltdown and Spectre both exist outside[…]

Petya Ransomware & Mitigation Steps

They Petya Ransomeware outbreak is the second such global attack in the last couple of month. The malware is spreading using same Microsoft Windows vulnerability that was exploited by the recent WannaCry ransomware event. Symantec confirmed that Petya uses the “Eternal Blue” exploit. Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but if you have put off installing the patch[…]

Wannacry Ransomware & Mitigation Steps

A major cyberattack took place this past week. The attack impacted organizations in over 100 counties including the British National Health Service, FedEx, Spanish telecom company, Telefónica, and multiple universities in Asia. The culprit is the Wannacry ransomware worm. The worm is most commonly introduced through infected email. When the user clicks on the infected[…]

Symantec, Illegitimate Certificates & Why We Should Care

In 2015, Symantec was caught issuing improperly signed cryptographic certifications which could be used to break HTTPS and put internet users at risk. Some of the improperly issued certificates were issued to Google owned domains, which if used maliciously, could allow for impersonation of HTTPS protected Google websites. Understandably, Google was very upset and responded[…]

We Started a Business – Our IT Audit Blog is Still Going Strong

This update is long overdue, but we started a business! After two years of blog posts we decided to take the leap and make risk3sixty a full fledged consulting company. Specifically, focusing on world-class IT Audit, Cyber Risk, and Compliance PMO services. After talking to many of our clients and colleagues we realized the world[…]

The Future of IoT Security

Required Reading: 1) IoT Growing Faster Than the Ability to Defend it 2) DDoS on DYN Impacts Twitter, Spotify, Reddit Until recently the security concerns associated with IoT devices have been mostly speculative. It’s easy to ignore how a webcam or a inexpensive gadget might be a cyber-security concern. Most people don’t think in terms[…]

Items of Interest week of September 5, 2016

Here are some quick reads for the week of September 5, 2016. If you have interesting links of your own share them in the comments. Yahoo: FBI says foreign hackers penetrated state election systems Arstechnica: State-sponsored Malware can collect data from devices not connected to the internet Schneier: Keystroke recongniation from wi-fi distortion Dark Reading: CISOs[…]