Recent events in Ukraine have left many people uncertain of what's coming next. Our hearts and thoughts go out to the families who’ve been affected by this tragic mark in history, and we hope they can reach a peaceful accord soon.
School routines are back in full swing, and I couldn’t help but draw similarities between how we protect the young ones we send off to school and the corporate assets and data leaving our companies.
As we head into the New Year and I pull together the last security blog of 2018, I want to highlight a few of the latest exploits and breaches that showed up on my security news radar during Thanksgiving week and the important questions they pose. Don’t head into 2019 without asking yourself these top cybersecurity questions:
As the cyberthreat landscape continues to rapidly evolve and get more complex, it’s become imperative for organizations to build a network architecture that includes automated cybersecurity monitoring systems, workforce education, training, and awareness. This will help to dynamically detect and prevent threats that may or may not have been knowingly introduced internally and provide increased visibility and protection against all outsider threats.
InfraGard recently put out a Flash Alert for a piece of malware called Fruit Fly. I sat through this briefing during last year’s Black Hat/DefCon conference and this malware is unique because it can live in an environment for months, if not years, undetected. There are no ransomware screens alerting the user that they’ve been infected or the ominous blue screen of death. It was first discovered in January of 2017 by Thomas Reed, a top Mac OS security researcher at Malwarebytes who conducted the initial analysis, but since then other variants have been identified, dissected, and monitored.
On March 25th, Under Armour was made aware that an unauthorized party had gained access to and acquired data associated with 150 million MyFitnessPal user accounts. The information they could’ve gathered includes, but is not limited to, usernames, email addresses, and hashed passwords. What are hashed passwords? At a high level, hashed passwords are produced when passwords are run through a mathematical function to create an encrypted version and a message authentication code (MAC) of a plaintext password. In MyFitnessPal’s case, they used a bcrypt hashing function, the same type that was used by the previously hacked Ashley Madison. After the Ashley Madison hack, the entire database and all password hashes were made available to the hackers of the world, and now they have the password hashes of MyFitnessPal too. What does this mean for those of you who have an account on MyFitnessPal?