Industrial Systems Vulnerable to Hackers!

Security Week, a well-respected online news service, announced that “Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.”

It is reported that companies with systems from the following have issued notices and/or advisories regarding this zero-day vulnerability.

At Ascension, we are working to ensure that we and our clients are protecting both corporate and individual data. Again, I think we need to ask ourselves: are we doing enough for our systems and the persons affected? Please ponder this question and feel free to call or comment. Thank you.

Capital One Data Breach…Who’s protecting your wallet?

As I was reading my Wall Street Journal online this evening, I could see that data breach concerns are becoming louder this year than at any time in the past. In an article, “Capital One Cyber Staff Raised Concerns Before Hack” (1), the authors shared indications that before the Capital One data breach, there were a number of concerns voiced by staff and others, including issues such as high staff turnover, even at the top levels of the organization. Also, improper or possibly negligent configurations of security-related software were slow to be implemented. Capital One’s slogan is “What’s in your wallet?” It’s catchy! However, I think we all wish that the data in our wallets would stay in our wallets!

At Ascension, we find new clients sharing similar issues or concerns. CyberSecurity is not easy nor is it sexy. However, in today’s world, CyberSecurity and Privacy are now a cost of doing business for almost any endeavor. Leadership and technical staff alike need to focus reasonable and consistent energy on CyberSecurity for the security of their respective customers. Security Assessments are essential to understanding the problem.

Assessment is the first step in understanding how your company fares with regard to CyberSecurity and Privacy. Feel free to comment on whether you believe assessments are helpful.

Good Day, Paul

Citations:

(1) Andriotis, AnnaMaria, and Rachel Louise Ensign. “Capital One Cyber Staff Raised Concerns Before Hack.” Wall Street Journal, Aug. 2019, https://www.wsj.com/articles/capital-one-cyber-staff-raised-concerns-before-hack-11565906781?mod=djemalertNEWS

The plot thickens — Not just Capital One Breached, possibly 30 more companies breached.

It appears that prosecutors have stated that the Seattle employee arrested for the Capital One 106 million user breach, also “include(s) not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities.”

GeekWire, which has done a stellar job of coverage, uploaded a copy of a UNITED STATES’ MEMORANDUM IN SUPPORT OF MOTION FOR DETENTION filed on the 13th of this month. See https://www.scribd.com/document/421871863/Aug-13-memorandum-for-Paige-Thompson-case

As I stated last week, “Estimating the cost to the company is typically, at least $100 to $150 per user, it would be easy to estimate the initial cost to Capital One will be well over $100M, and most likely upward of $200M, when you factor in all the internal remediations and legal costs that are never recovered by any company.” Now, with 30 possible other companies breached, the businesses may be forced to pay over 500 million or more.