Page 3 - index
P. 3







Cyber Breaches and iOT Vulnerabilities are Out of Control



Friends,

Every day we read about a new breach. You would think, by now,
that organizations across the globe know how to defend themselves
with the best IT security training, the most advanced anti-malware and
intrusion prevention systems, tools and techniques, yet the numbers
continue to skyrocket.

Even worse, as we see the shift to mobile banking and mobile
commerce, we see these devices increasingly vulnerable. Just take the simple vulnerability in
the Android SMS messaging technology. Hackers can send an SMS message to an android
device, with a malware attachment posing as a video file and the SMS ‘engine’ in the android
begins processing the attachment, causing an infection, before the user is even able to open or
delete the message.

We’re simply finding way too many backdoors and vulnerabilities in these devices to risk our
personal information, yet every day, more and more consumers move their information into their
smartphones. This is just the tip of the iceberg. We’ve also seen not only our phones becoming
‘always on the internet’ devices, but also the Boing 777, the Fiat-Chrysler Jeep and most likely
all new cars that have entertainment centers and command-control software all connected on
one network (was it to save money? was it simply a cost-savings maneuver?) that is extremely
vulnerable to remote exploitation as the Wired magazine hackers showed to the world, recently.
Meanwhile, in Zurich, a demonstration by a hacker to eavesdrop on key fobs that open and start
cars in very close proximity can be hacked by eavesdropping on their signal and boosting it
when you are close to the vehicle. There is simply no end to the vulnerabilities we’re going to
find on the internet of things.

This begs the question: what are you doing to remove your vulnerabilities and make sure your
organization does not become a victim in the cyber war. Our Executive Producer, Gary
Miliefsky, sits on the MITRE CVE (common vulnerabilities and exposures) board, now
searchable through the National Vulnerability Database. Have you searched out and fixed your
vulnerabilities today? If not, Gary recommends you do so immediately.

He shared with me a few very interesting links and some great free tools for you to look at as
you read on through this month’s edition. They are http://nvd.nist.gov and
http://www.openvas.org/. Time to plug the holes – start with the most critical first.


To our faithful readers, Enjoy
Pierluigi Paganini


Pierluigi Paganini, Editor-in-Chief, [email protected]

3 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide

   1   2   3   4   5   6   7   8