Information Security Blog | Cyber Security Blog

Sreejith C


A Cherry Hill man charged with producing child pornography will remain in custody until his trial, the Courier Post reports.

Burton Gersh, 68, is in a federal detention facility, according to the report. He was looking to be released until his trial begins on May 19, but a judge ruled that Gersh had reason to flee between the possibility of a long prison term and over $2 million in assets, according to the report.

Gersh and Les Sidweber, 73, were each charged with two counts of production of child pornography on Nov. 3.

Gersh and Sidweber face a mandatory minimum term of 15 years in prison, with a maximum possible sentence of 60 years in prison, a $500,000 fine, a period of supervised release of five years to life, and a $200 special assessment.

The two allegedly transported two minors, ages 16 and 17, from the Philadelphia area, on multiple occasions, to their homes in Cherry Hill, according to court documents.

While there, Sidweber took pictures of the teenagers engaging in sexually explicit acts at Gersh’s behest.

Gersh claims the girls told him they were 18, but federal courts have held that suspects in child pornography cases are not permitted to use that as an excuse, according to the report.


Cyber security woes

Tuesday, 03 May 2016 05:30

In late 2014, an anonymous whistle-blower contacted the German newspaper Süddeutsche Zeitung stating that they had “more data than you have ever seen” in relation to crimes that the person wanted to make public. At this time, it is not publicly known how the whistle-blower was able to send so much data undetected over such a period of time. However, Bastian Obermayer, the Süddeutsche Zeitung reporter who was contacted by the whistle-blower, stated that he “learned a lot about making the safe transfer of big files”.

Obermayer indicated that he communicated through various encrypted channels with the whistle-blower, who sent the data in chunks until the 2.7 TB were amassed. Süddeutsche Zeitung contacted the ICIJ, and the ICIJ created a secure portal where journalists could research the data. Over 400 journalists kept the information a secret until Sunday, when over 100 news outlets published the first articles about the data leak.

Earlier, the Mossack Fonseca website told its customers that their email server suffered an unauthorized breach. The company denies any wrongdoing and has published a lengthy rebuttal to the media reports. A spokesperson has stated that the company may pursue legal action against the news agencies for using the information that was obtained illegally.

“It appears that you have had unauthorized access to proprietary documents and information taken from our company and have presented and interpreted them out of context. We trust that you are fully aware that using information/documentation unlawfully obtained is a crime, and we will not hesitate to pursue all available criminal and civil remedies.”

The one thing that has not been mentioned yet is the data protection liability suit that the 4th largest offshore law firm in the world may have coming in the near future. Target settled its data breach for $100 million… this one is going to be much larger.

While the Cisco CEO says that there are two types of companies, ones that have been hacked and ones that know they’ve been hacked, the cybersecurity future is not completely doom and gloom for businesses. There are some basic things that businesses can do to better protect themselves.

Use endpoint (anti-virus and anti-malware) software on all devices and keep it up-to-date

Protect the business with a firewall that inspects traffic both in and out of the business

Get a vulnerability and penetration assessment


Sony has better plans for its Playstation

Wednesday, 27 April 2016 05:30

A recent rash of data breaches is pointing to a growing trend of cybercriminals targeting video game companies. Attacks in the past few weeks include Microsoft’s Xbox platform, Riot Games’ League of Legends and, most recently, Sony’s PlayStation Network.

The PlayStation Network went down over the weekend of Aug. 23-24, but has since been restored, Newsweek reported. The same alleged attackers behind the other breaches claim to have also disrupted service for Blizzard Entertainment, the makers of World of Warcraft, whose site also went down over the weekend.

A criminal network going by the name Lizard Squad has taken responsibility for the attacks, which often used distributed denial of service techniques to overload servers with data traffic, according to The Financial Times. The group has also tied themselves to a bomb threat that forced a flight with a Sony U.S. executive on board to reroute over security concerns. DDoS attacks are becoming more common and are “the weapon of choice for the modern hacker,” according to security expert Marc Gaffan.

So far Lizard Squad’s motives are not clear, though they did post a Twitter message complaining about the service of Sony’s PlayStation network before the attack.

“Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ PSN service. End the greed,” read the tweet.

PlayStation Suffered a History of Cyber-attacks

Back in 2011 Sony was hit with another high-profile data breach where hackers copied the personal data of approximately 77 million PlayStation Network users and the credit card information of nearly 13,000 customers. The network was forced to go dark for a month while it was patched and rebuilt to offer greater security.

This cyber-attack comes at an especially bad time, as Sony has been investing heavily in the PlayStation Network recently in the hopes that it will serve as the centerpiece of the company’s bid to revitalize business after years of poor sales and losses in its flagship electronics operation.

As cybercriminals and their techniques become more advanced, so too must enterprise security methods increase their sophistication. One of the most reliable ways for businesses to defend against a data breach is to implement two-factor authentication.

This type of data protection requires multiple forms of identification before issuing access to privileged information or systems, ensuring only authorized users are allowed in. The need for strong authentication to defend enterprise information has never been greater, so don’t wait until it’s too late.


Facebook Android App Now with Internet Anonymity Tor

Tuesday, 26 April 2016 05:30

For the past couple of years, Facebook has been allowing users to log into their accounts on their personal computers using Tor-enabled browsers. Facebook has now announced that it will extend Tor support to Android mobile users. In a move aimed at increasing Tor functionality for Facebook users, a new feature that supports the Tor network will be added to the Android app, allowing users to browse privately. The announcement comes at a time when there is a heated debate on the issue of Internet anonymity.

About Tor network

Tor is an Internet anonymity network that encrypts the traffic from the connected device and routes it through several network nodes all over the globe. This helps to conceal the identity of the Internet user and the location of the connection, allowing them to browse anonymously. The network has been the go-to option for Internet users who want to maintain their privacy while browsing online. It has gained a lot of popularity in the past few years, especially with the revelation of the massive surveillance of civilians in the USA by the NSA.

Orbot

With the integration of the new feature, the Facebook Android app will now come with a button that gives users the option of connecting to the internet using the Tor network. However, users will have to download and install Orbot, the Tor app for Android phones. The new feature will not be available to iPhone users.