North Korea has been led by the Kim dynasty since the 1953
United Nations Armistice Agreement was signed ending the Korean conflict. Each
successive leader of the Kim family has continued the DPRK's pursuit of WMD,
nuclear weapons in particular, while increasing its hostility toward the United
States and South Korea. With little intervention by China, North Korea led by
Kim Jong-un and the United States President Trump appear on a collision course
of military conflict. This eBook provides readers with a concise understanding
of this conflict and likely repercussions. Topics include: The Korean Peninsula
(Pre-1950), The Korean Conflict (1950-1953), The Armistice Agreement, North
Korea’s Leaders, The Axis of Evil, The Statistical Backdrop, WMD in East Asia, China
– The Elephant in the Room, US, South Korea and Japan, Scenario 1 – US Places
Nukes in South Korea, Scenario 2 - US preemptive Military Strike, Scenario 3 -
US Decapitates North Korea’s Leadership, Scenario 4 – US Massive Covert and
Cyber Warfare, Conclusions and an Appendix with North Korean Military
Installations. A must read for anyone concerned about national security and the
stability of East Asia. Purchase your copy today at the Kindle Store: https://www.amazon.com/dp/B071R3439G
Cloud and Cyber Security Center
News, products, vendors, threats, training and publications for cloud and cyber security.
Monday, April 24, 2017
Putin's Kremlin - Epicenter of Global Cyber Warfare (live on the Kindle Store)
Putin's Kremlin - Epicenter of Global Cyber Warfare: The goal of this eBook is to provide a wake-up call for the new US government’s executive leadership, however well intentioned, yet seemingly naïve, that Russian cyber warfare is a clear and present danger to national security. Key topics include An Historical Primer on Russia's Leaders, Putin’s Pathology, The Era of Cyber Warfare, Russia’s Deception, Russia’s Goals and Methods, Russia’s Cyber Proxies, Russia’s Cyber Impact, Building the Great Wall of Cyber Security, Slaying the Red Cyber Bear, Concluding Thoughts, Supplemental Cyber Resources and Cyber Intelligence Feeds. The central premise of this codex is that Russia, as led by President Vladimir Putin, has the motive, resources and infrastructure to wage cyber war against free and democratic nations, chiefly the United States, for the primary purpose of regaining the global military dominance it had prior to the collapse of the former Soviet Union. Purchase today on the Kindle Store: https://www.amazon.com/dp/B06XTYGJXF
Wednesday, September 14, 2016
Warfare-Cyber Convergence a Major Challenge for the US Army
Network Convergence is one of the US Army's biggest challenges. As evidence, look no further than the decision to disband
its electronic warfare division, which will fold into a newly
established cyber directorate at the Pentagon within the Army.
“We need to be aware that we are very likely going to fight an
adversary that is converging using [cyber and electromagnetic activity]
integration, ISR and fires across full spectrum conflict,” said Col
Timothy Presby, Training and Doctrine Command capabilities manager of
cyber, at TechNet Augusta earlier in August. “So unless we actually work
together and converge our capabilities, we will be left short.”

Many current and former Army officials believe the convergence and
new cyber directorate are a good step. Creating the new cyber
directorate and keeping it within the G-3 is “absolutely” a good idea,
Gen. Jennifer Napper (ret.) told C4ISRNET in an interview.
“The fact of the matter is, it all works together or contests each
other and interferes with each other so you have to have it all in one
area,” said Napper, who formerly served as the director of policy, plans
and partnerships for the Cyber Command and commander of the Army’s
Network Enterprise Technology Command.

Will this effort truly strengthen the US Army's cyber-warfare capabilities? Share your comments with the Cloud and Cyber Security Center.
Tuesday, September 13, 2016
New York Governor Calls for CyberSecurity Programs for Banks and Insurance Firms
New York state is proposing
new rules requiring banks and insurance companies to establish cybersecurity
programs and designate an internal cybersecurity officer, in what Gov. Andrew
Cuomo described as a "first-in-the-nation" move to codify cyber
safety policies. The proposed rules come after some
of the world’s biggest banks -- including JPMorgan Chase & Co. and HSBC
Group -- have reported significant cyber intrusions and U.S. corporations in
general have been frequent targets of hacking. Money center banks and insurance
companies have built their own cybersecurity programs in recent years, often at
an expense of hundreds of millions of dollars. The biggest impact of the new
regulations is likely to be on small banks and insurers, which may now need to
bring their cyber programs up to at least a minimum standard. Governor
Andrew Cuomo said the regulations would "guarantee the financial services
industry upholds its obligation to protect consumers and ensure that its
systems are sufficiently constructed to prevent cyber-attacks to the fullest
extent possible."

Will these measures truly strengthen the cyber security
of the banking and insurance industries or simply be superfluous government
fluff? Share your comments with the Cloud and Cyber Security Center.
Thursday, September 8, 2016
US President Obama Delivers Plea for Deescalation of Cyber Warfare
US President Obama asked for USD 19 billion for cybersecurity efforts in his budget
request, a 35 per cent increase from current levels, with USD 3 billion
earmarked to help modernise the patchwork of computer systems used in
government agencies. President Obama urged deescalation of a
potential arms race involving cyberweapons. The president's remarks
followed his meeting with world leaders, including Russian President
Vladimir Putin, at the G20 Summit in Hangzhou, China. The U.S. has more offensive and defensive capability than any other country on Earth, Obama noted. Citing a new era of significant cyberwarfare capabilities, the
president urged moving into a space where leaders begin to institute
some norms to prevent global escalation from spinning out of control. "We're going to have enough problems in the cyberspace with non-state
actors who are engaging in theft and using the Internet for all kinds
of illicit practices, and protecting our critical infrastructure, and
making sure our financial systems are sound," Obama said, "and what we
cannot do is have a situation where this becomes the Wild, Wild West,
where countries that have significant cybercapacity start engaging in
competition -- unhealthy competition or conflict through these means
when, I think wisely, we've put in place some norms when it comes to
using other weapons."

New evidence implicating Russia in attempts to undermine the U.S.
election has come to light, wrote Senate Minority Leader Harry Reid,
D-Nev., in a letter to FBI Director James Comey, late last month.

Will the US call for deescalation of cyber warfare yield bona fide results or simply be viewed as political rhetoric? Let us know your thoughts here at the Cloud and Cyber Security Center.
Wednesday, September 7, 2016
Cisco Acquires CloudLock Validating Demand for CASB Security Solutions
Cloud Access Security Brokers, aka CASBs, provide security and visibility for companies moving to the cloud. They
logically or physically sit between the customer and whichever cloud
services it uses. Martin Zinaich, information security officer for the
city of Tampa, summarizes their function and purpose: "Cloud
access security brokers are on-premises, or cloud-based security policy
enforcement points, placed between cloud service consumers and cloud
service providers to combine and interject enterprise security policies
as the cloud-based resources are accessed. CASBs consolidate multiple
types of security policy enforcement. They increasingly support the
control of enterprise social networking use, and popular infrastructure
as a service (IaaS) and platform as a service (PaaS) providers." This, Zinaich added, "is a smart play for Cisco." Cisco's
move confirms that the security industry considers CASBs to be the way
forward in cloud security. Last year Microsoft bought Adallom and turned
it into its Cloud Application Security service launched in April 2016. The
emergence of CASBs has been recent and rapid. Bill Burns, CISO at
Informatica, has been involved in two recent studies on CASBs in 2014
and 2015. "One of the surprises in the first study," he said in a recent interview,
"was that CASBs were a relatively unknown technology, but the problem
they addressed was one of the most worrisome areas that needed to be
addressed. This year’s results showed much more awareness for the CASB
solutions."

Can CASB products truly strengthen cloud security? Send your comments to the Cloud and Cyber Security Center.
Thursday, September 1, 2016
Cisco WebEx Meetings Player Code Execution Vulnerability (CVE-2016-1464)
The vulnerability is due to improper handling of user-supplied files. An
attacker could exploit this vulnerability by persuading a user to open a
malicious file by using the affected software. A successful exploit
could allow the attacker to execute arbitrary code on the system with
the privileges of the user. Cisco
has informed customers that it has released software and
firmware updates for some of its products in an effort to address
several vulnerabilities rated as having critical, high and medium
severity. Francis
Provencher, security researcher and founder of the Canadian government
agency COSIG, has been credited by Cisco for identifying two
vulnerabilities in WebEx Meetings Player. The more serious of the flaws, rated critical, is
CVE-2016-1464, which allows an unauthenticated attacker to remotely execute arbitrary
code by convincing a user to open a specially crafted file with the
vulnerable software. Another
vulnerability found by the researcher, classified as having medium
severity, allows an unauthenticated attacker to hack WebEx Meetings Player by getting the victim to open a malicious file. Both
vulnerabilities found by Provencher affect Cisco WebEx Meetings Player
version T29.10 for WRF files. Cisco has released updates to address the
bugs, but no workarounds are available. Cisco
has also published advisories describing five different vulnerabilities
affecting Small Business series switches and IP phones. Four of the
issues were reported to the vendor by Nicolas Collignon and Renaud
Dubourguais of Synacktiv, and one by security researcher Chris Watts.

Will this bug fix by Cisco fully resolve the WebEx Media Player vulnerability? Send your assessment to the Cloud and Cyber Security Center.