Cyber Defense Magazine

download (5)

Mike Walls’ article “Web Injections: When Good Application Go Bad” has been published in Cyber Defense Magazine.

On October 29, 2014 the security team for Drupal, the popular open source content management system (CMS) for over a billion websites, released a public service announcement advising their 12 million customers to update their software due to a SQL injection attack.

The vulnerability allows hackers to use SQL injection to breach core code intended to prevent such attacks, and then take control of a website’s database. Once a web server has been compromised, the patch can’t help.  In fact, according to Hacker News, if you did not download a patch but the patch is already there when you attempt the fix, your website has been infiltrated.

Walls’ article in Cyber Defense Magazine can be found HERE.


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft.  Comments and questions for Mike Walls are welcome: blog@edgewave.com

 

Dark Readings Exclusive — ‘Why Nations Hack’ Part 3

DR-logo

Part 3 of ‘Why Nations Hack’ is now live on Dark Reading.

The Russian Federation holds an interesting, albeit a dubious position in the ranks of nation state cyber-actors. While ranked third among countries in terms of volume of cyber activity (behind the U.S. and China, according to Deutsche Telekom’s honeypot network data), Russia is widely regarded as a having the most sophisticated and skilled hackers.

Unlike the Chinese government which employs thousands of hackers in the People’s Liberation Army, the Russian government’s relationship with resident hackers is much murkier. The trails to cyber-attacks originating in Russia tend to end at civilian hacktivist groups and criminal organizations, perhaps providing officials with plausible deniability.

You can read the full Dark Reading article HERE.

 

*Click to read Part 1: China or Part 2: North Korea*

Tax Season 2015: File early, not often

tax-refundLooking forward to getting a hefty tax refund check? File early to prevent identity thieves from submitting your return first.  Hijacking tax returns is a growing business model for criminals who obtain social security numbers and falsify W-2 forms. The Identity Theft Resource Center tracked 783 data breaches in 2014, a 27.5 percent increase over 2013. In the aftermath of 2014 breaches, we can all safely assume that at least some of our personal information has been exposed.

Anyone who has had electronic data compromised has an increased risk for redirection of their refund check, because it is relatively easy for crooks to duplicate supporting documents and file fraudulently.

The IRS has trained 35,000 employees to work with taxpayers to provide assistance with identity theft. Even so, tax-related identity theft cases grew from 15 percent in 2010 to a reported 43 percent in 2013.

If someone else beats you to filing, the IRS will issue the check to the first filer and will flag your return when you submit later. You will receive a letter from them saying that you have already received your refund, and it will take months for you to make the correction. You will eventually get your refund, but that means the government will have paid that amount twice. And guess who will end up footing the bill? That’s correct; all of us will. Last year’s U.S. Government Accountability Office (GAO) report estimates that fraudulent refunds cost taxpayers $5.2 billion. Treasury Department officials have gone on record saying that the number is much higher.

So how do you protect yourself? One way is to ensure that your email service provider has security measures in place to stop the phishing and other email-based threats that cybercriminals use to steal personal identification and financial information. By now everyone should know not to accept as legitimate an unsolicited email from the IRS or tax preparation service requesting a login.

IRS tips to prevent fraudulent filing can be found here: http://www.irs.gov/uac/Newsroom/Tips-for-Taxpayers,-Victims-about-Identity-Theft-and-Tax-Returns-2014


 

EdgeWave provides comprehensive Military Grade cyber security to companies large and small in all sectors, deploying the latest in automated protection backed by 24/7 human analysis, and guarding against Advanced Persistent Threats. EdgeWave monitors networks and customizes security rules for over 6000 clients globally, ensuring compliance and timely reporting. Visit www.edgewave.com to find out how easy it is to secure your network.

SC Magazine 2015 Excellence Award Finalist

scawardslogo2015_711341

We are proud to announce that EdgeWave iPrism Web Security has been named a finalist for SC Magazine’s 2015 Excellence Award for Best Web Content Management Solution. This is awarded to companies whose products provide superior web content filtering for laptops, desktops and servers. The products also have an exceptional ability to block or filter objectionable websites and content and enlist blacklist, whitelist or both.  EdgeWave iPrism Web Gateway combines Military-Grade cyber security with a cloud-enabled platform to deliver “anytime, anywhere, any device” internet protection and policy enforcement that is easy and affordable to implement and maintain.

The SC Magazine Awards have recognized industry leaders for their excellence for over 16 years, awarding companies that engineer superior security products helping customers battle their imminent cybersecurity needs and tackle next generation threats. With over 650 nominations in 2014, EdgeWave is honored to have been named a finalist this year.

The winner will be announced at the SC Awards 2015 ceremony to be held April 21, 2015 in San Francisco.

 

Why Nations Hack — Blog Series

DR-logo

Part 2 of Mike Walls’ series, the motivations that compel nation-states to hack, is now live on Dark Readings:

“The Democratic People’s Republic of Korea (DPRK) is about as far from a democratic republic as a country can get. It is certainly not a government “of” its citizens. The country has been dominated by a small group that exercises complete control over every aspect of North Korean society. Leading the handful of power brokers has been the “Supreme Leader,” a title which has belonged to three men since Korea was partitioned following World War II.”

Our friends over at Dark Readings will be publishing Mike Walls’ work. You can read the article HERE


 

In case you missed it, here is Nation-State Cyberthreats: Why They Hack Part 1 by Mike Walls published January 8th:

This is the first in a series exploring the motivations that drive nation-states to participate in nefarious cyber activity. 

We know that hackers hack for a variety of reasons. Some hack because they are greedy or have criminal motives. Some hack to satisfy their egos or gain peer recognition. Some hack alone, and some hack in groups. But many hackers, or more accurately “hacktivists,” join groups like Anonymous in order to demonstrate their dissatisfaction with powerful organizations such as corporations and governments who fail to share their world views.

These hackers don’t consider themselves to be bad actors. They see their activity in a positive light, viewing themselves as contributing to a greater body of knowledge, or furthering a good cause, and often hacking without a clear vision of the second- and third-order effects of their actions.

Our friends over at Dark Readings will be publishing Mike Walls’ work. You can read the article HERE


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft.  Comments and questions for Mike Walls are welcome: blog@edgewave.com