United States, Johannesburg, Mcafee discussed on The CyberWire
Yes the common question inevitably arises is security the cloud platform providers responsibility or is it the customers responsibility to optimize the security you must clearly articulate who owns what identifies security gaps and determine who will close those gaps with the introduction of the High Trust Shared Responsibility he program there's now a solid path to address the misunderstandings risks and complexities when partnering with Cloud Service Providers Coal Fire has delivered hundreds is of high trust CSF certification since two thousand eleven and they help organizations clarify the roles and responsibilities of security controls that protect information they've certified the leading global cloud service providers and can help you migrate data to the cloud securely find out more from coal fire the high trust cloud assessor at coal-fired dot com slash high trust that's coal fire dot com slash hitrust and we thank coal fire for spots during our show funding for this cyber wire podcast is made possible in part by McAfee security built by the power of harnessing one billion threat sensors from device to cloud intelligence that enables you to respond to your environment and insights that empower you to change it McAfee the device declawed cybersecurity company go to McAfee dot com slash insights from the cyber wire studios at data tribe I'm d Bittner with your cyber wire summary for Monday October twenty eighth twenty nineteen Isis leader Abu Bacher al-Baghdadi died Saturday in Syria's province killing himself and sadly three of his children as US special operations forces cornered the terrorist leader in a tunnel according to the Voice of America US Defense Secretary Espy said late breaking actionable intelligence develop that morning enabled the attack to be executed within hours Reuters says Al Baghdadi was located with the assistance of captured Isis leaders. Whatever its accuracy this report and others like it will erode the terrorist groups relationships of trust one of al-Baghdadi principal lieutenants spokesman Abu Hassan al-muhagir was killed in a US air or strike hours after the raid the Times reports a Bloomberg op-ed argues that terrorist groups like Isis have proven resilient to leaders deaths expect any regrouping to be foreshadowed by information operations what sort of late breaking actionable intelligence defense secretary espy referred to as of course spent quite properly left unclear but developing target indicators into targets can be a difficult process and indicators are often missed on such set of indicators seems to have surrounded one of the last high profile massacres El Baghdadi claimed for Isis the Easter massacres in Sri Lanka this April a parliamentary select committee convened to review the attack concluded that Sri Lanka's intelligence leaders missed reports that should have alerted them to an imminent attack those reports began arriving as early as April fourth seventeen days before the April twenty first attack apart from direct observation of online terrorist chatter which can be notoriously noisy the security forces are said to have failed to act on domestic police warnings and alerts fed to them by Indian intelligence services missing signal is an old problem the US certainly did the same during the run up to nine eleven this weekend as the celebrations arrived authorities in India raised the alert level in several cities as the Pakistan based terror group Josh Allen Muhammad threatened attacks against those celebrating the Hindu fest level of lights those attacks seem not to have materialized and that's another instance of chatter being disruptive noise a ransomware attack against trial works a widely used legal case management system has caused disruption of trials and schedules as trial works recovers and as the law firms that use the product look for work arounds and alternatives bleeping computer says the ransomware strain involved so far unknown but the attack resembles in some respects August incidents that involved Gan crab successor are evil so dina key be trial work says it's decrypt the affected files which has led to speculation that they went ahead and paid ransom the city of Johannesburg sustained breach Thursday that led to suspend most online services the group claiming responsibility the shadow kill hackers has said they'll publicly dumped all the stolen data if they weren't paid for Bitcoin by five PM Johannesburg Time today that was eleven am US eastern time so the deadline has come and gone we don't have any word yet on whether the shadow kill hackers have done what they threatened to do or whether Johannesburg has paid up here's what Johannesburg city staffers told? Sea magazine was in the note they received quote. Hello Joe Berg City here are shadow kill hackers speaking all of your servers and data have been hacked we have dozens of back doors inside your city we have control of everything in your city we can shut off everything with a button we also compromised all passwords and sensitive data such as finance and personal population information. Your city must pay us for bitcoins if you don't pay on time we will blow the whole data available to anyone in the Internet we note in passing that their style is like a somewhat less over the top version of shadow broker ease scriptwriters conception of broken English we confess we continue to miss the attack was initially described as ransomware but that may be misleading does indeed appear to be an extortion demand but the disruption to city services appears to have been largely a precautionary measure taken by the city government itself which tweeted that Inter option of services were consequences of the investigation the city said that customers will not be able to transact on e services or log queries the of the city call center or customer service centers most services were restored over the weekend the shadow kill hackers made to threats in addition to dumping the information on line and telling everyone how they got it they also threaten to delete all the data permanently if that's more than an empty threat it suggests they dropped a wiper into Johannesburg's network doc researchers at security firm cyber reason have offered their take on the raccoon information steeler that's gaining black market share and the criminals criminal markets it's not sophisticated but it's relatively cheap and easy to use which makes it a classic example of Disruptive Product Raccoon is available Wolf for one hundred seventy five to two hundred dollars and it's usually delivered via the fallout or rig exploit kits raccoons native home seems to be the Russian criminal underground it began as a password steeler but has expanded into other forms of data theft and finally who's most gullible with respect to online scams specifically which age cohort is likely to take the fish bait and who's more predisposed to spit the hook well the US Federal trade commission has reached what will be for many a surprising counter intuitive conclusion on the matter you may think that the proverbial GRANDPA and grandma are likely to fall victims phishing scams than others but no actually people over sixty are less likely to take the fish bait then our younger adults particularly millennials the FTC's recent report on protecting older consumers reach that conclusion there is a downside however while older adults are less likely to fall for scams than are the young adults when seniors do bite on the fraud their losses tend to be higher those over eighty seemed to take the biggest hit per scam so everyone young old flick with caution and read with appropriate openminded skepticism which is good advice at any age and now a word from our sponsor no before having spent over a decade as part of the CIA Center for Cyber Intelligence and the counter terrorism mission center row smothers knows the INS and outs of leading cyber operations against terrorists and nation state adversaries she's seen firsthand how the bad guys operate she knows the threat they pose and she can tell you how to use that knowledge to make organizations like yourself a hard target get the inside spy school been find out why Rosa now no before s VP of cyber operations encourages organizations like yours to maintain a healthy sense of paranoia go to hey and we thank no before sponsoring our show.