-
What is the NSO Group Pegasus Spyware Software? How Does Pegasus Hack Phones?
There was a flurry of news this morning about NSO Group, an Israeli tech firm, and the Pegasus spyware that it produces. Al Jazeera has some interesting reporting and has been following the story for a while. Back in December they reported about their journalists being hacked. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal. “This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.…
-
News & Notes: July 19th, 2021
A U.S.-led coalition including the U.K. and other countries and organizations, including NATO, is formally accusing China of cyberattacks worldwide, including the massive Microsoft Exchange email hack. via Financial Times, Bloomberg, CNN, CNBC. NSO Group, an Israeli tech organization, is being accused of selling spyware used to snoop on the devices of executives, journalists, activists and dissidents. NSO Group has a proprietary software technology called Pegasus, intended for tracking terrorists, that reportedly “allows authorities to listen into conversations using hacked mobile phones microphones, as well as track other data”. via Economist. Also, a compelling read from 2019 highlighting NSO Group is here via The Economist, as well. And, still another…
-
CompTIA Security Plus + Full Course [VIDEO]
Security+ Full Course video from YouTube. **** Topics Discussed **** Introduction to Network Devices (part 1) (0:00) Introduction to Network Devices (part 2) (8:06) Introduction to Network Devices (part 3) (15:50) Secure Network Administration Concepts (34:00) Cloud Concepts (41:00) Secure Network Design Elements and Components (48:00) Common Network Protocols (part 1) (55:20) Common Network Protocols (part 2) (1:01:00) Common Network Protocols (part 3) (1:08:00) Wireless Security Considerations (1:13:54) Risk Related Concepts (part 1) (1:23:12) Risk Related Concepts (part 2) (1:29:43) Risk Related Concepts (part 3) (1:36:08) Integrating Data and Systems w Third Parties (21:50) Risk Mitigation Strategies (1:41:27) Basic Forensic Procedures (1:46:17) Incident Response Concepts (1:54:15) Security Related Awareness and Training…
-
IP Addresses, Subnet Masks, Subnetting, and Calculating Hosts
An IPv4 address is a 32-bit (binary digit) value. IP addresses are just strings of 32 binary digits (bits!). ex: 11000000101010000000010000000010 Broken down into 4 groups of 8, separated by dots (periods/decimals). ex: 11000000.10101000.00000100.00000010 Now each 8-bit value, or octet, is converted to a decimal number between 0 and 255 (for a total of 256 options). So the above would translate to: ex: 192.168.4.2 This is “dotted decimal notation” aka “the dotted octet numbering system”. Tip: You should memorize that 0=00000000 and 255=11111111. You’ll find knowing this very helpful. Note: By definition, all computers on the same network have the same subnet mask and network ID. /24 is limited to IP…
-
The TCP/IP Reference Model and Layers
The TCP/IP model is a more concise take on the OSI model. The TCP/IP model contains four layers: Process/Application Layer; Host-to-Host/Transport Layer; Internet Layer; Network Access Layer/Link Layer. Network Access Layer: The Network Access Layer defines how to use the network to transmit an IP datagram, or unit of information packet. The Network Access Layer is: the lowest layer; physical, data link, network; a directly attached network; the protocols provide the means for the system to deliver data to other directly (physically) attached network devices; must be able to know the details of the underlying network (packet structure, addressing, etc.). Gateways are devices that switch packets between different physical networks.…
-
What is a social engineering attack?
Social engineering is using human interaction (social skills) to obtain or compromise data/information about an organization or its computer systems. This information can then be used to deploy an attack and/or penetrate a network further. Social engineering attacks are particularly dangerous because they prey on our human instincts, interactions and dealings with people and our contextual environment. An attacker may not fit the stereotype we hold in our heads. Social engineering preys on the fact that we humans will have our guard up for natural signs of danger and natural enemies, but things get fuzzy when the distinction is not so clear. In social engineering, the attacker may seem unassuming, respectable…
-
News & Notes: July 9th, 2021
(News & Notes may be updated throughout the day…check back for more!) China’s cyber watchdog, the Cyberspace Administration, an agency set up during Chinese President Xi Jinping’s first term, is taking “a lead role in Beijing’s push to strengthen interagency oversight of companies listed overseas, especially those traded in the U.S., and to tighten rules for future foreign listings”. via WSJ Update…China Orders Stores to Remove More Apps Operated by Didi Global’s China Arm via WSJ “Stellantis said it plans to spend more than $35.5 billion through 2025 to release an array of new electrified vehicles.” Not mentioned is how much they plan on spending towards the cybersecurity of said vehicles.…
-
Notes To Know: “Fundamentals of Telecommunications” by Roger L. Freeman—Chapter 1 Introductory Concepts
(Note: This is an evolving, evergreen post.) Chapter 1–Introductory Concepts What is Telecommunication? “Communications at a distance.” —Webster Dictionary “The transmission of signals over long distance, such as by telegraph, radio or television.” —IEEE Standard Dictionary Telecommunications is one of those words that has broad scope, meaning and coverage. It can mean different things to different individuals. “Fundamentals of Telecommunications” brings forth the following definition: “Some take the view that telecommunications deals only with voice telephony, and the typical provider of this service is the local telephone company. We hold a wider interpretation. Telecommunications encompasses the electrical communication at a distance of voice, data, and image information (e.g., TV and…
-
What is MPLS (Multi Protocol Label Switching)?
MPLS (Multi Protocol Label Switching) Challenges of MPLS (which helped drive the push to SD-WAN): expensive connectivity; long time to deploy (60, 90, 120 days plus lead time); cloud & mobile access are neglected; Internet performance & availability; security; management. With the old, pre-SD-WAN: ’Hub & Spoke’ topology; branches communicated with the hub & the data center; Internet access was typically centralized out of the Home Office; cloud internet went through Headquarters; MPLS gave up predictability & availability. Backhauling internet traffic to the Data Center for security consumes a lot of expensive MPLS bandwidth and it often means added latency. (The “trombone effect”!) MPLS circuits are expensive.
-
What is Access Control?
Traditional computer security revolves around access control. “It is where security engineering meets computer science.” —Ross Anderson, Security Engineering Access control governs who has access to which resources in a system. Access control works at a number of levels, from Hardware at the base, up through the Operating System, then Middleware, and up to the Application level. “As we work up from the hardware through the operating system and middleware to the application layer, the controls become progressively more complex and less reliable.” —Ross Anderson, Security Engineering Complexity tends to be at odds with security. “Now one of the biggest challenges in computer security is preventing…