- Any time there are new threats of targeted breaches within your industry
- Network and systems configuration changes
- New applications, software or operating systems are added to the infrastructure
- New equipment like firewalls, routers and switches is added
- New office locations are established
- Major modifications of company security policies
To get started on your Penetration Scan, you simply purchase a block of Cyber Compliance Consulting hours from our Square Store. The larger the block of hours, the greater the discount you receive!
- Our Standard Cyber Rate of $200 per hour, billed as you use it. Use this if you just want to get started with a consultation.
- Our 25-Hour Bundle for a $25/hour discount!
- Our 50-Hour Bundle for a $50/hour discount!
Russian Hackers Attacked U.S. Aviation as Part of Breaches
From Bloomberg.com By Alan Levin Updated on
“Russian hackers attempted to penetrate the U.S. civilian aviation industry early in 2017 as part of the broad assault on the nation’s sensitive infrastructure.
The attack had limited impact and the industry has taken steps to prevent a repeat of the intrusion, Jeff Troy, executive director of the Aviation Information Sharing and Analysis Center, said Friday. Troy wouldn’t elaborate on the nature of the breach and declined to identify specific companies or the work that was involved.” Read More….
It’s not just elections: Russia hacked the US electric grid
From Vox.com By
“A huge story about Russian hacking got lost amid all the Trump administration staffing drama and Stormy Daniels news over the past week: On March 15, the US government released a report describing a massive Russian hacking campaign to infiltrate America’s “critical infrastructure” — things like power plants, nuclear generators, and water facilities.” Read More….
Half of UK manufacturers fall victim to cyber attacks
“The UK has already suffered stealth cyber attacks on more than 80 manufacturing plants, with criminals deploying tactics that could put critical national infrastructure at risk.
Britain’s spy agencies have warned the bosses of utilities, transport and health services that Russian hackers are invading unprotected networks ahead of a potentially serious attack.
But new evidence shows the attackers are already targeting UK factories. In an anonymous survey of manufacturers, almost half admitted that they have fallen prey to cyber warfare, according to trade group EEF.” Read More….
Russian hacker warning: How to protect yourself from network attacks
“Businesses and governments have been urged to keep their network security up to date following a warning from US and UK authorities about the risk of cyber attack from hackers backed by Russia.
The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) issued an alert over exploits in routers and other internet connected devices used in homes, small businesses and large organisations, which are said to be vulnerable to cyber attacks.
The hacking campaign includes breaking into routers and other network devices to carry out man-in-the-middle attacks to support cyber espionage, steal intellectual property and maintain persistent access in victim networks for use in additional attacks.” Read More…
Drones to cloud computing: AP exposes Russian wish list
From APnews.com By JEFF DONN, DESMOND BUTLER and RAPHAEL SATTER Feb. 08, 2018
“WASHINGTON (AP) — Russian cyberspies pursuing the secrets of military drones and other sensitive U.S. defense technology tricked key contract workers into exposing their email to theft, an Associated Press investigation has found.
What ultimately may have been stolen is uncertain, but the hackers clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims.
The hackers known as Fancy Bear, who also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the AP found.
Employees at both small companies and defense giants like Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics were targeted by the hackers. A handful of people in Fancy Bear’s sights also worked for trade groups, contractors in U.S.-allied countries or on corporate boards.
“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” said Charles Sowell, a former senior adviser to the U.S. Office of the Director of National Intelligence, who reviewed the list of names for the AP. “And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.” Read More….
Exposed: Misconfigured Cloud Storage Leaves 1.5B Sensitive Files Up for Grabs
“A colossal 12TB of data – including confidential intellectual property, penetration test results and other sensitive files in the cloud – can be pulled from exposed Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives, according to new research.
The “Too Much Information” report published by Digital Shadows on Thursday, found that 1.5 billion files were exposed across the internet’s most ubiquitous file sharing services. That includes 64 million files in the UK alone – the equivalent to one file for nearly everyone in the country.
Security Teams, Bow your Heads
Thousands of security audits (5,794), network infrastructure details (1,830) and penetration test reports (694) were among the files publicly accessible online.
The instances were blamed by Digital Shadows on poor security practices in file-sharing protocols.
“As organizations look to bolster their internal security programs with assessments and penetration tests, they turn to external consultants and suppliers. As these consultants backup and share their work, this highly sensitive information can become exposed,” report authors Rick Holland, Rafael Amado and Michael Marriott noted.” Read More…
Amazon Web Services Cloud Business Showing No Signs of Slowing Down
“Today’s topics include Amazon Web Services’ cloud business continuing to grow, and Google rolling out a Kubernetes cloud service catalog and cloud service broker.
Amazon Web Services on April 26 reported first-quarter 2018 revenue of $5.4 billion, an impressive 49 percent year-over-year revenue growth in the public cloud. For comparison, when Amazon began to break out AWS revenue in the first quarter of 2015, revenue was $1.57 billion, and Amazon has continued to grow cloud revenues at a rapid pace every quarter since.
“AWS had the unusual advantage of a seven-year head start before facing like-minded competition, and the team has never slowed down,” Jeff Bezos, Amazon’s founder and CEO, stated.
Security Experts Warn of New Cyber-Threats to Data Stored in Cloud
“SAN FRANCISCO – New cyber-attack techniques are evolving that threaten computer systems that IT security administrators may have considered relatively safe. That was the message of a panel of SANS Institute cyber-security experts at the 2018 RSA Conference.
For example, cloud computing is often lauded for its security and a way for companies to offload the infrastructure and investment costs of owning and maintaining on-premises data centers.
But SANS Institute’s Ed Skoudis said storing data offsite doesn’t ensure security.
“There is leakage when you have data stored in the wrong repositories or not stored correctly,” said Skoudis, a fellow and lead instructor at SANS Institute, which specializes in IT training and security services.
“There have been many attacks, Verizon twice, Time Warner and Uber and the U.S. Army leaked over 100 gigabytes of data because of a bug in an Amazon S3 storage bucket.”
Skoudis said organizations have focused on protecting their computer systems, but it’s time to think more broadly.
“If I ask a company if they manage and secure their computer systems they say yes. But when I ask about securing their data assets they say, ‘What are you talking about?’ It’s important to protect your computer systems, but if you don’t know what your data assets are and you’re putting them on systems you have no control of, you’re going to be in trouble,” he said.” Read More…