David Geer

David Geer writes about security technologies for CSOonline.com and other publications. His website is www.davidgeer.com.

Recent Posts

Computer chips have vulnerabilities. Some 900 million Android devices including tablets and smartphones are vulnerable to attack due to Qualcomm chipsets that have four flaws in the associated chipset code. If companies / users don’t or can’t apply patches, hackers could gain root-level control of the devices using a malicious app without the app requiring any special privileges from the user.


As of August, the New York Times (NYT) and other U.S. publications had fallen victim to cyber attacks. The FBI is investigating these attacks, which Russian intelligence hackers likely perpetrated against several reporters and journalists who work for U.S. news organizations, including the NYT.


Eddie Bauer POS Systems Breached

Oct 11, 2016 9:58:24 AM / by David Geer
posted in Retail


POS malware is taking no pause. In August, retail chain Eddie Bauer notified customers that malware hit Point-of-Sale (POS) systems at its retail stores, exposing customers’ payment card information. The company’s media release states that “customers’ payment card information used at Eddie Bauer retail stores on various dates between Jan. 2, 2016 and July 17, 2016, may have been accessed. Not all cardholder transactions during this period were affected.” News items that followed the release reported that all U.S. and Canadian Eddie Bauer stores were infected with the POS malware.


An advanced and likely nation-state APT malware threat has been covertly operating in government networks in Russia, Iran, Rwanda, Sweden and Belgium for five years, evading discovery. The keenly orchestrated ProjectSauron threat has had 60 months to steal documents and encryption keys and log keystrokes. If you wonder about the severity of the outcomes from these attacks, simply imagine what you could do with five years’ worth of this level of unfettered access.


The kinds of hackers interested in invading your in-vehicle information space are not limited to hoodlums. Members of every category have some motive for worming their way into your corporate armada, from drawing attention to their anti-capitalist creed to stealing IP in the name of international corporate espionage. You need to know how to protect your fleet of vehicles.


Just like the visible stars in any night sky, the number of IoT devices may soon be countless, and with that, count on at least one vulnerability, and probably more, for each device. IoT is exacerbating concerns over mobile security threats, as well as exploits that lack a mobile component. IoT will play a role in more than one-fourth of all cyberattacks by 2020. The sheer number of connected devices forming an attack surface globally, and the ease with which these devices and our increasingly connected culture are compromised, will continue to compound the issue.


Last year, healthcare data breaches cost the industry more than 112 million patient records. In June of this year, a criminal hacker ripped through RDP (remote desktop protocol) vulnerabilities at three U.S. healthcare concerns, hacking electronic health records software, stealing health record databases containing a combined total of 655,000 PHI records and offering these for sale on TheRealDeal darknet website.


SSL and The IoT, Considerations

Aug 19, 2016 10:25:13 AM / by David Geer


By 2025, we’ll see more than 75 billion IoT devices globally. What black hat cracker could resist an attack surface that expansive? When you marry the vulnerabilities of IoT with those of SSL, you invite many catastrophes. IoT device proliferation will increasingly surround consumers with entry points for attackers. “By 2020, each person is likely to have an average of 5.1 connected devices,” according to Frost & Sullivan. The more intimate the device’s place in people’s lives, the greater the potential harm attackers can cause. That’s a lot of liability for vendors offering those devices.


More SSL traffic means more opportunities for hackers, both inside and outside the encryption. Though the standard for HTTPS encryption is now actually TLS (Transport Layer Security), with version 1.3 as the current version and the only one organizations should be using, the industry uses the acronym SSL (Secure Sockets Layer) when referring to SSL and TLS technologies, as I will here.
