The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
The Association of Corporate Counsel (ACC) USA, a global legal association representing more than 42,000 in-house counsel in 85 countries, today announced the release of safety guidelines for outside counsel who have access to sensitive company data as part of their engagements with corporate law departments.

The guidelines, "Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information," will serve as a benchmark for law firm cyber security practices.



Encompassing information retention/return/destruction, data handling and encryption, data breach reporting, physical security, employee background screening, and cyber liability insurance, the model requirements are based on ACC members' experience, past data security audits, and learned best practices in ensuring that sensitive client data remains confidential.

Many corporate law departments conduct data security audits when they retain a new law firm, a responsibility increasingly held by corporate legal operations professionals who manage outside counsel relationships.

I have embedded a copy of the Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information document below.

Please email Prakash@thesecureplanet.com if you require a PDF copy of it.



A smart TV is susceptible to being hacked like any other smart device on your home network. Researchers have demonstrated how they could remotely turn on a smart TV’s built-in camera and microphone by exploiting its vulnerabilities.

ESET, a security vendor based in the European Union, has launched ESET Smart TV Security to protect against such attacks.





The Smart TV Security app protects customers with antivirus protection against Android malware, anti-ransomware technology, multi-device scanning for malware on devices and USBs that connect to the smart TV, and anti-phishing technology.

ESET Smart TV Security comes in a free version and a premium version, which costs S$3 per month or S$19 per year. The premium version offers the additional anti-phishing and scheduled scan features.


 

What next?? 

Antivirus for Refrigerator, Microwave, washing machine, ehh tea kettle ? :)

The 2018 Winter Olympics Opening Ceremony's light show was created using drones. It was a most amazing show, breaking the record for the most unmanned aerial vehicles airborne simultaneously.

The record-setting performance included Intel's 1,218 Shooting Star drones flying in sync to create stunning Olympic rings in the skies over Pyeongchang.

This convergence of technology and art broke records according to the Guinness Book of World Records. The previous record was Intel's own high-water mark of 500 drones flying together in 2016; the 1,218-drone flight will be a historic one.




Each one of the drones weighed approximately eight ounces and averaged a 20-minute flight time. The drone production included other impressive Olympic-themed sky animations, including a moving snowboarder. The drones were able to coordinate using a combination of precise coding and four billion color combinations enabled by onboard LEDs.

Watch the most amazing spectacular show



Note from Prakash
This is not one of those doomsday posts. This is being tracked by NASA.

A NASA spacecraft designed to save Earth from asteroids is ‘inadequate’ and will not be able to nudge a gigantic space rock onto a course which guarantees it doesn’t hit Earth in 2135 without using nuclear weapons. That is the warning from members of a US ‘national planetary defence team’ who have just published a study which says it may be impossible to redirect a huge space rock called Bennu unless we bring out the big guns.

NASA is already working on a craft called HAMMER (Hypervelocity Asteroid Mitigation Mission for Emergency Response vehicle) that’s designed to blow up asteroids with nuclear bombs or steer them onto a trajectory that means they won’t smash into Earth.

Academics who work alongside NASA as part of the planetary defence team ‘ultimately concluded that using a single HAMMER spacecraft would prove inadequate for deflecting an object like Bennu’.


 Image credit: Lawrence Livermore National Laboratory

Bennu is a 500-metre-wide doomsday space rock, big enough to wipe out a city.

It has a 1 in 2,700-chance of striking Earth on Sept. 25, 2135, and it is estimated that the energy unleashed in this impact would be equivalent to 1,200 megatons, which is 80,000 times the energy released by the Hiroshima bomb.  

Bennu is as wide as five football fields and weighs around 79 billion kilograms, which is 1,664 times as heavy as the Titanic. The probability of a Bennu impact may be 1 in 2,700 today but it will almost certainly change.

A mission launched in 2125 would require up to 53 launches of the Delta IV Heavy rocket, each carrying a single HAMMER, to send enough of the planet-saving craft to Bennu. NASA’s Osiris-Rex spacecraft is currently on its way to collect a sample of Bennu and bring it back to Earth.

PVS-Studio is a tool for detecting bugs in the source code of programs written in C, C++, and C#. It works in Windows and Linux environments.

PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. It performs a wide range of code checks and is also useful for finding misprints and copy-paste errors. Examples of such errors: V501, V517, V522, V523, V3001.




The analyzer can be run at night on the server and warn about suspicious code fragments. Ideally, these errors can be detected and fixed before getting into the repository. PVS-Studio can be launched automatically, immediately after the compiler, for the files that have just been modified. It works in Windows and Linux.

Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware. 

It draws on the data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together with the telemetry collected from the 1.2 billion Windows devices that opt in to sharing threat data with Microsoft.




In partnership with ESET, Microsoft had been researching the Gamarue infrastructure and 44,000 associated malware samples since December 2015. Details on 1,214 C&C domains and IPs, 464 distinct botnets and more than 80 malware families were collected and handed to law enforcement agencies around the world.

There was a significant volume of phishing-based email messages at the very end of the year 2017. Phishing was the #1 threat vector (> 50%) for Office 365-based email threats in the second half of calendar year 2017.

Ransomware is the third major topic discussed in the SIR. Last year was rocked by WannaCry, NotPetya and Bad Rabbit. The first two of these rapidly became global in extent using an exploit known as EternalBlue, code publicly released by the Shadow Brokers.

The three most commonly encountered ransomware families in 2017 were Android LockScreen, WannaCry and Cerber. LockScreen is interesting since it is Android malware that crosses to Windows devices when users sync their phones or download Android apps via Windows, usually sideloading from outside of the Google Play store.

In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed simply to destroy data or shut down the plant; it was meant to sabotage the firm’s operations and trigger an explosion.

The attackers were sophisticated and had plenty of time and resources, an indication that they were most likely supported by a government, according to more than a dozen people, including cybersecurity experts who have looked into the attack and asked not to be identified because of the confidentiality of the continuing investigation.


The only thing that prevented an explosion was a mistake in the attackers’ computer code. The assault was the most alarming in a string of hacking attacks on petrochemical plants in Saudi Arabia. 

In January 2017, computers went dark at the National Industrialization Company, which is one of the few privately owned Saudi petrochemical companies. Computers also crashed 15 miles away at Sadara Chemical Company, a joint venture between the oil and chemical giants Saudi Aramco and Dow Chemical.

The hard drives inside the company’s computers were destroyed and their data wiped clean within minutes of the attack at Tasnee. 

Mandiant, a division of the security firm FireEye, is still investigating. A team at Schneider Electric, which made the industrial systems that were targeted, called Triconex safety controllers, is also looking into the attack. The National Security Agency, the F.B.I., the Department of Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, which has been supporting research into forensic tools designed to assist hacking investigations.

Attackers compromised Schneider’s Triconex controllers, which keep equipment operating safely by performing tasks like regulating voltage, pressure and temperatures. Those controllers are used in about 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants.

Source: The New York Times