munin Posted November 9, 2022 Share Posted November 9, 2022 Something that I like to think about once in a while is unusual angles for threats to occur and how to defend against them. You'd expect, for example, your LAN to have a certain set of network-based attacks from outside of the LAN; those are addressed with controls like firewalls or rejecting connections that try to initiate TLS sessions without having the right certificate - but perhaps you might not expect your local ISP being acquired by another corporation and changing how traffic gets routed to you, which might be considered to be a financially-based upstream attack in certain circumstances. One particularly oddball one that I saw once involved a Password Manager - that was the guy's job title; this one bank in ASIAPAC had a policy that all logins had to be performed by this one individual via remote desktop connections to each of the tellers' workstations. In this case, the org regarded -the tellers themselves- as a threat surface that could impact their organization's stability. What are some unusual threat surfaces that you've seen? And how were they mitigated? 1 Link to comment Share on other sites More sharing options...
ChickenKing Posted November 9, 2022 Share Posted November 9, 2022 firmware! great article here https://eclypsium.com/2022/09/19/firmware-security-realizations-part-3-spi-write-protections/ also +1 for the author, Paul. He runs an awesome podcast called Security Weekly 1 Link to comment Share on other sites More sharing options...
Chauke Posted November 9, 2022 Share Posted November 9, 2022 I had a coworker that bought one of those 16TB USB sticks and he tried to use it on his work machine. We also get a lot of malicious mails from company's we work with (They got hacked). One of them was sending outlook meetings with bots that spammed malware to everyone It was super annoying. But for the most part its always user related. 2 Link to comment Share on other sites More sharing options...
Name_Too_Long Posted November 9, 2022 Share Posted November 9, 2022 Facebook's "Prineville problems" immediately come to mind. They ended up having to bury miles of power and fiber lines that feed their Prineville data center because people kept shooting the insulators on the towers. Sort of a variation on the traditional "fiber seeking backhoe" problem. 2 Link to comment Share on other sites More sharing options...
lurto Posted November 15, 2022 Share Posted November 15, 2022 16TB USB sticks On 11/9/2022 at 5:10 PM, Chauke said: 16TB USB sticks The OSI layer 8 and how much trouble they can give. Best example of a USB drive I saw was LNK file which executes a cmd (pretty common) but the malware was in the recycle bin and the cmd command then opend a real folder with user data on it. Which was the best malicious USB drive I have ever seen. Cracked software is sometimes not easy to find when malicious either. Thank god for behavior detctions, without it hard to see that one of the dll or tmp file in photoshop isn't the right one 1 Link to comment Share on other sites More sharing options...
deleted Posted November 26, 2022 Share Posted November 26, 2022 Stuff like using waves to be able to read the screen of sb else's computer. Snowden wrote about it in his book. Link to comment Share on other sites More sharing options...
Name_Too_Long Posted November 27, 2022 Share Posted November 27, 2022 https://twitter.com/_ChezDaniela/status/1594428625516134400 Poster was charging their EV overnight when the charger got hit by freezing rain which locked their charging cable to the charger. Those cables are expensive enough you don't want to abandon one, so they were stuck waiting for a service tech to come free their cable. In other news, new denial of service technique for EVs in cold climates just dropped https://www.homedepot.com/p/HDX-2-Gal-Pump-Sprayer-1502HDXA/307766539 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now