New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the attacker ...

Continue Reading →
0

Google reCAPTCHA Fooled By Bot

CAPTCHA, or Completely Automated Procedures for Telling Computers and Humans Apart, was a system first theorized by cryptographer Alan Turing in 1950.  We find these little “I am not a robot” challenges popping up all over the place, especially when creating a new account, registering for a web service the first time, or sometimes as form of poor man’s two-factor authentication.  (Something ...

Continue Reading →
0

Security Standards for the Internet of (Insecure) Things?

Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT).  Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point.  If only the people who are designing these devices, ...

Continue Reading →
0

Have I Been Breached?

Yes, I have.  A “breach” is an computer security incident where a website’s data has been illegally accessed by cyber-attackers and released publicly.

I know that my main email account has been compromised in the past, and used for sending Spam, because my hosting provider disabled my email account and hosting account until I had an opportunity to change my password.

I know that all my websites are under continuous automated password guessing attack, although ...

Continue Reading →
0

Who Needs Skynet? Robots Are Easily Hacked By Humans

We can’t talk about robots without thinking about robots running amok as in the Terminator movies.  But it turns out that most of the robots that are available today can be easily hacked by humans.

Robots are showing up in industrial settings, in hospitals, on our roads as autonomous vehicles, in secure facilities as guards, and in our homes, as carpet cleaners, children’s companions.  Soon they will be everywhere, assisting, working, moving ...

Continue Reading →
0

WyzGuys Reaches a Milestone – 1000 Posts

Last Friday’s post was a milestone that we have been anticipating for a while.  We have written and published a thousand articles!  We started this web log on October 26, 2006, and have been writing for over a decade.

We got off to a slow start, and it took us a while to find our voice, and to specialize in cybersecurity.  In the beginning, we were a general computer technology blog.  And ...

Continue Reading →
0

Interesting DDoS Ransom Threat Arrives By Postal Mail

When you work in a cybersecurity organization that serves other business entities, every now and again you see something really unique.  This one crossed my desk on March 28th.  A client of ours received a letter by postal mail that threatened to shut them down with a distributed denial of service attack.  They are probably trying to avoid the Computer Fraud and Abuse Act, but extortion by postal mail is a ...

Continue Reading →
0

Apple Pushing Two-Factor Authentication

Users of the Apple iOS 10.3 phone operating system are being offered two-factor authentication (2FA) for their Apple IDs.  This offers an additional layer of security for iCloud data, too.

As we have discussed in previous posts, the benefits of 2FA are that your account cannot be breached with only a stolen password.  In addition to the password, a one-time passcode is required to ...

Continue Reading →
0

The Top Cybersecurity Strategies That Prevent Targeted Attacks

According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks.  To this list I have added a few of my favorites.

  • Password Manager Programs – If you are truly going to have dozens or hundreds of unique and long passwords, you will need the help of a password manager program to keep them all straight, and enter ...
Continue Reading →
0

Securing Your Social Networks

Social networks are a tremendous source of personal information leakage.  Actually, more like a waterfall.  As we learned in the last post, attackers use social networks to perform reconnaissance against their chosen targets.  Since few of us are going to delete all our social network accounts and move of the grid, we have to find a way to live with ...

Continue Reading →
0
Page 3 of 26 12345...»