Wednesday, October 7, 2015

Tips to survive Safe Harbor

For the past 24 hours we have been under a flood of news about the invalidation of the data exchange framework between the USA and Europe, known as "Safe Harbor". But while more than one commentator has signed the death warrant of many companies, others have read the ruling closely and concluded that it's not such a big deal. We'll talk about it, as well as the large-scale operation against a popular ransomware, the theft of RSA keys in the Amazon cloud and the annual convention of the Industrial Cyber Security Center. Here we go.

With Safe Harbor invalidated, American companies can't transfer the personal data of European citizens to their systems unless the affected individuals give their personal authorization. This takes much of the drama out of the topic, because the affected services will just add a paragraph to their terms of use. The collateral victims will be the European companies that rent servers in the United States. These companies are now in big trouble.

Goodbye, Angler?

The cyber criminals hunted down by Cisco, responsible for 50% of the worldwide activity of the Angler exploit kit, are also in trouble. At the time it was dismantled, the group was attacking 9,000 IPs per day on average, using 147 proxy servers, with a 40% success rate. They used the Angler kit to attack the computers and then injected ransomware. According to Cisco, they would have compromised more than half a million systems per month, so they could have made 3 million dollars, 30 million a year.

Stealing passwords from the cloud

Another thing that caught our attention today is the announcement by a group of researchers from Massachusetts who, taking advantage of the "Amazon Web Services re:Invent Conference" held in Las Vegas, have published a proof of concept that uses a flaw in AWS virtual machines to steal their RSA cryptographic keys. The flaw has already been patched, but according to the researchers it should make us think seriously about security in the cloud.

Industrial security

We finish with another convention, held in Madrid, on industrial cyber security, a field that grows more relevant by the day with revelations like yesterday's reports about the low security of European nuclear plants. We recommend that our readers visit the Twitter account of the Industrial Cyber Security Center, where they can keep up with the #CCIcon5 talks.

By the way, this is European Cyber Security Month. Let's see if we can get through it without any disasters...

